JKWong

Help

81 posts in this topic

Hey, I'm new here and my computer's internet connection was constantly being reset. Whenever I tried playing games with my friends using MSN, the MSN would crash. I thought that the problem was my LimeWire and Azureus because there were rumors about those programs having viruses. I uninstalled them and downloaded Ares instead. When I tried to open Ares, my computer would restart. So I asked my friend about this and he said to scan with Spybot: Search and Destroy and Lavasoft's Ad-Aware's SE Professional. He said if I had more problems I should download HijackThis and post my results on a forum. Well I still had problems after using SpyBot and Lavasoft so I downloaded HijackThis and this is the log file.

 

My computer connection has been resetting itself much more than it had before, so I saved a new HijackThis logfile. If you want to see the one I took on June 3rd just send me a message.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:59:37 PM, on 6/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\WINNT\tsnp2std.exe

C:\WINNT\vsnp2std.exe

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunes.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Your help is much appreciated. Thanks in advance!

Edited by JKWong


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi JKWong,

 

Sorry for the delay!!! We are just too busy.

 

Please post a fresh HJT log as requested, just in case there are any new changes.


Logfile of HijackThis v1.99.1

Scan saved at 12:06:07 PM, on 6/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\WINNT\tsnp2std.exe

C:\WINNT\vsnp2std.exe

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

This is a more updated log file...your help is greatly appreciated! Thanks in advance!


Hi JKWong,

 

Unless something is hiding, there isn’t too much to worry about. Let’s try the following program to see if it finds something for us.

 

Download AVG Anti-Spyware from HERE and save that file to your desktop.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  2. Once the setup is complete, you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update".
    • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports":
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet.

 

Please disable AdWatch, as it may hinder the AVG Anti-Spyware’s scan and cleaning process. You can re-enable it later again.

 

To disable AdWatch:

  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
    At the bottom of the screen you will see 2 options Active and Automatic.
  • Active : This will turn Ad-Watch On\Off without closing it
  • Automatic : Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.

After all of the steps are complete, it is very important that you enable AdWatch again.

 

Reboot into Safe Mode by restarting the computer; then repeatedly hit F8 while rebooting until you see the Windows Advanced Options menu. Use the arrow keys to highlight safe mode from the menu and press Enter.

 

While in safe mode, run a complete system scan with AVG Anti-Spyware.

IMPORTANT: Do not open any other windows or programs during the scan, it may interfere with the scanning process:

  1. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted; then select "Apply all actions".
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and reboot normally.

 

 

Your Adobe Acrobat Reader is outdated. You can go here to download the latest version:

http://www.macminute.com/2007/06/06/acrobat-update/

 

Your Java needs to be updated as well. Please do the following to update it.

 

1. Close any open programs you may have running, especially your web browser.

 

2. Click Start/Control Panel

Depending on your OS or configuration, you may have to click Start/Settings/Control Panel

 

3. Open Add or Remove Programs.

 

4. Click once on any item listing Java Runtime Environment in the name.

Not every version of Java will begin with "Java" so be sure to read each entry in the list.

 

5. Click the Remove or Change/Remove button.

 

6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java.

 

7. Also, search "Programs" and "Application Data" and remove old version files manually.

C:\Program Files\

C:\Documents and Settings\USERNAME\Application Data\

 

8. Reboot your PC once all Java components have been removed.

 

9. To reinstall Java, go here…

http://www.java.com/en/download/index.jsp

…and install the latest version from the website.

 

10. Then reboot your system.

 

My trust for any P2P program that brings ads to my system is zero. I would suggest getting Shareaza instead of having Ares. Shareaza brings absolutely no ads at all. Here is the download page:

 

http://www.shareaza.com/?id=download

 

Make sure you have absolutely no files left of LimeWire, Azureus or Ares if you decide to get Shareaza. If you decide to keep Ares, it’s up to you, but do find and get rid of any files from the other two programs.

 

There are three entries like the following in your log. Do they belong to your ISP or company network?

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

 

I would like to see another HJT log please, along with the AVG Anti-Spyware report.

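The O17 question in the reply above comes down to where each NameServer address lives. As an added example (not part of the original posts and not HijackThis code), this Python script pulls the O17 NameServer entries out of a log and separates RFC 1918 private addresses, which are devices on the local network, from public ones that should be matched against the ISP's or organisation's resolvers. The function names, the all-zero interface GUID and the 203.0.113.x addresses (a documentation range) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample. The three 192.168.0.1 lines and the O10 line are copied from
# the log in this thread; the all-zero GUID entry with 203.0.113.x addresses
# (documentation range, RFC 5737) is made up to exercise the "public" branch.
SAMPLE_LOG = r"""
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,203.0.113.54
"""

# O17 lines that set a DNS server: control set, interface key, server list.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\(?P<iface>[^:\n]+): "
    r"NameServer = (?P<servers>.+)$",
    re.MULTILINE,
)

# Checked explicitly: ipaddress.is_private also covers documentation and other
# special-purpose ranges, which is broader than "on my LAN".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'private', 'loopback', 'link-local', 'public' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    if ip.is_link_local:
        return "link-local"
    return "public"


def review_o17(log_text):
    """Collapse O17 NameServer lines into one finding per (interface, address)."""
    seen = defaultdict(set)
    for m in O17_RE.finditer(log_text):
        # A single entry may list several servers separated by commas or spaces.
        for addr in re.split(r"[,\s]+", m["servers"].strip()):
            if addr:
                seen[(m["iface"], addr)].add(m["cs"])
    return [
        {
            "interface": iface,
            "address": addr,
            "kind": classify(addr),
            "control_sets": sorted(control_sets),
        }
        for (iface, addr), control_sets in seen.items()
    ]


def to_confirm(findings):
    """Addresses that are not local and need checking against known resolvers."""
    return sorted(f["address"] for f in findings
                  if f["kind"] in ("public", "invalid"))


if __name__ == "__main__":
    results = review_o17(SAMPLE_LOG)
    for f in results:
        print(f"{f['address']:<15} {f['kind']:<10} "
              f"{','.join(f['control_sets']):<12} {f['interface']}")
    print("Confirm with ISP or network admin:", to_confirm(results))
```

The CCS, CS1 and CS2 lines describe the same setting in different control sets, so the script reports them as one finding rather than three.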

When I scanned AVG-Antispyware in safe mode, the first scan had 168 infected objects, 1 low risk, 1 high risk, and the rest were medium risks. However, when I tried to save a report, the button would be gray (I was unable to click it). I scanned it again and had 1 infected object that was a medium risk. When I removed Java from my computer and tried to re-install it I got an error saying: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Also, if you could provide steps on how to upgrade my Adobe it would be greatly appreciated. (I don't know how to use the file that was downloaded ==') 192.168.0.1 is my computer's IP Address. Here is the HijackThis logfile, I apologize for not being able to provide an AVG-Antispyware report.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 9:49:46 PM, on 6/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\WINNT\tsnp2std.exe

C:\WINNT\vsnp2std.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Your help is greatly appreciated, and is a lot of help. Thanks again in advance!


OK here are the steps to download and install Adobe Reader. You can delete the file you downloaded before if you want to start from the beginning, otherwise just do steps 9 and 10.

 

1. Go here to download: http://www.adobe.com/products/acrobat/readstep2.html

2. Uncheck the Adobe Photoshop® Album Starter Edition unless you want to download it as well.

3. Click the Download Adobe Reader button

4. Save the file when prompted with a File Download window

5. Make sure Save this program to disk is selected and click OK.

6. Choose to save the file to the desktop. Click the down arrow at the top of the dialog window and choose Desktop

7. Click SAVE to start the download.

8. Once the download finishes, quit your web browser and close all other open applications before installing it

9. Now to install, double click the file you downloaded.

10. Follow the instructions to install the program on your hard drive. Click YES / NEXT / OK as they come up.

 

It sounds weird that the Java installation gave you problems. Did you try installing it again?

 

Just so you know, most of those multiple O18 items in the log are the result of the Logitech Desktop Messenger, which gets installed along with another Logitech program because the EULA agreement is not read. It is also a resource hog. Unless you use it, you can remove Desktop Messenger in Add/Remove Programs.

 

When you are done that, open HJT and make sure all browsers and windows are closed except for HijackThis and click Do a system scan only and put a check next to the following:

 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

If you decided to remove the Desktop Messenger, also put a check next to all the multiple O18 entries related to Logitech Messenger like the following one:

 

O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

 

Then click Fix Checked and reboot

 

Please go to Jotti's Malware Scan and submit the following file (if found) for a scan and post the results in your next reply:

 

"D:\VSc\Enu\mcappins.exe" vsocfg.ini

 

Please post another HJT log and tell me if you still have any problems.

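Added example, not part of the original posts: a small Python parser for the HijackThis log format shown in this thread. It groups the O18 protocol handlers by DLL, so the long run of bw*0 entries collapses to the Logitech Desktop Messenger plug-in, and it lists entries that HijackThis itself marks as "(no file)" or "(file missing)". The function names are assumptions of this example, and the sample is a short selection of lines from the logs above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines selected from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
"""

# "O18 - Protocol: ..." -> section "O18", body "Protocol: ..."
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# O18 body: "Protocol: <name> - {CLSID} - <handler DLL path>"
PROTOCOL_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Markers HijackThis appends when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, body) pairs for every 'Onn - ...' line.

    Header lines, the running-process list and blank lines are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def group_protocols(entries):
    """Map each O18 handler DLL to the sorted protocol names registered for it."""
    by_dll = defaultdict(list)
    for section, body in entries:
        match = PROTOCOL_RE.match(body) if section == "O18" else None
        if match:
            name, _clsid, dll = match.groups()
            by_dll[dll].append(name)
    return {dll: sorted(names) for dll, names in by_dll.items()}


def orphaned(entries):
    """Entries whose target file is reported missing by HijackThis."""
    return [(s, b) for s, b in entries if b.rstrip().endswith(ORPHAN_MARKERS)]


def entries_under(entries, path_fragment):
    """Entries whose text contains a path fragment (case-insensitive)."""
    fragment = path_fragment.lower()
    return [(s, b) for s, b in entries if fragment in b.lower()]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("O18 handlers grouped by DLL:")
    for dll, names in group_protocols(parsed).items():
        print(f"  {len(names):2d} protocol(s) -> {dll}")
    print("Entries with a missing target:")
    for section, body in orphaned(parsed):
        print(f"  {section} - {body}")
    print("Entries under Logitech Desktop Messenger:")
    for section, body in entries_under(parsed, r"Logitech\Desktop Messenger"):
        print(f"  {section} - {body}")
```

Run against a full saved log, the grouping makes it easy to confirm after the reboot that every Logitech Desktop Messenger handler is gone while the MSN Messenger ones remain.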

Logfile of HijackThis v1.99.1

Scan saved at 6:12:44 PM, on 6/17/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\WINNT\tsnp2std.exe

C:\WINNT\vsnp2std.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe

O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

I couldn't find the file "D:\VSc\Enu\mcappins.exe" vsocfg.ini. I also have tried to re-install Java several times, and every time I had the same problem. Thanks for helping me re-install Adobe, and your help is once again much appreciated. Thanks in advance again!


Try the Java download here:

http://www.java.com/en/download/manual.jsp

 

Click on the Windows download. It is the first one at the top. You may want to bookmark the page in case you need to go back to it again. Let me know if it works.

 

About the file I asked you to submit, it belongs to McFee, except the name doesn’t seem to match. Did you have McFee software installed before?

 

What problems do you still have?


The Java download still doesn't work, and are you talking about McAfee or McFee? I had McAfee installed on my computer before, and I'm not exactly sure what McFee is. The only problems I can think of are the search crashes and my internet connection resetting every couple of minutes.


are you talking about McAfee or McFee? I had McAfee installed on my computer before

My typo mistake, I did mean McAfee. I have to be more careful when I'm tired.

 

You could be having file conflicts because I also noticed Symantec files as well. Maybe you also had Symantec Antivirus before. Can you see anything related to those two Antivirus in your Add/Remove programs? If you do, try to uninstall whatever you see related to them that you don't have there by choice.

 

Let’s try to get rid of any McAfee left over files. Go here and download RegSeeker:

 

http://www.majorgeeks.com/download2579.html

 

The download link is just below the “Free Downloads from” you see in that page.

 

Extract all the files into a folder of its own and save it in your document.

Then open the folder and click “RegSeeker” to open the program.

 

The program will show you many options.

 

Below the name “RegSeeker” click “Find in Registry.”

Copy and paste McAfee in the Search for window.

Click “Search”.

 

Once it finds it/them, highlight the entry/entries first. Then right click on it/them and choose delete.

 

If it doesn’t find it/them, set your PC to show all files again. Then try a second time. Hide your files/folders when done.

 

If the Symantec files are there by choice, leave them, otherwise you can do the same for those as well.

 

After you do this clean up, reboot to allow changes and please post another HJT log.


I couldn't find any Symantec files in my computer.

 

Logfile of HijackThis v1.99.1

Scan saved at 7:24:51 PM, on 6/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\WINNT\tsnp2std.exe

C:\WINNT\vsnp2std.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe

O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


OK, it is quite surprising you didn’t find any Symantec files because they clearly show in your log. Let’s try to deal with them with HJT. Make sure you are set to show hidden files and folders.

 

When you are done with this, open HJT, make sure all browsers and windows are closed except for HijackThis, click Do a system scan only, and put a check next to the following:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

 

Then click Fix Checked.

 

After that, reboot into Safe Mode by restarting the computer; then repeatedly hit F8 while rebooting until you see the Windows Advanced Options menu. Use the arrow keys to highlight safe mode from the menu and press Enter.

 

Now, using Windows Explorer, please search for and delete the following if found:

 

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Remember to hide your files/folders again when you are done.

 

Reboot normally.

 

Please do the following for me.

 

1. Open HJT

2. Click “Open The Misc Tools Section”

3. Click “Open Uninstall Manager…”

4. Click “Safe List…”

5. Notepad will open up with a text. Copy and paste that text in your next reply, along with another log.
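One way to confirm from a follow-up log whether the three checked entries were actually cleared, as an added example that is not part of the original post. The function names are hypothetical; the sample lines are copied from the helper's list and from the next HijackThis log posted in this thread.

```python
import re

# A HijackThis finding is one line: "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# The three lines the helper asked to check (copied from the post).
TARGETS = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

# Excerpt of the follow-up log from this thread (header and process lines included
# on purpose, to show they are skipped).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
"""


def identity(code, body):
    """Key that stays stable between scans even when owner or file status changes.

    Uses the section code, the first ' - ' separated field (the entry's name)
    and the CLSID when one is present, so two '(no name)' BHOs do not collide.
    """
    clsid = CLSID_RE.search(body)
    return (code, body.split(" - ")[0], clsid.group(0).upper() if clsid else "")


def parse_log(text):
    """Return {identity: (line, orphaned)} for every 'Xnn - ...' finding in a log."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        orphaned = any(marker in body for marker in ORPHAN_MARKERS)
        found[identity(code, body)] = (line, orphaned)
    return found


def orphans(text):
    """Lines whose target file HijackThis could not find."""
    return [line for line, orphaned in parse_log(text).values() if orphaned]


def fix_status(targets_text, after_text):
    """For each entry that was checked for fixing, report its state in the later log.

    'gone'          - no matching entry in the later log
    'orphaned'      - entry is still registered but its file is missing
    'still present' - entry and file are both still there
    """
    after = parse_log(after_text)
    report = {}
    for key in parse_log(targets_text):
        if key not in after:
            report[key] = "gone"
        elif after[key][1]:
            report[key] = "orphaned"
        else:
            report[key] = "still present"
    return report


if __name__ == "__main__":
    for (code, name, clsid), status in fix_status(TARGETS, AFTER_LOG).items():
        print(f"{status:13} {code} {name} {clsid}".rstrip())
    print("Entries pointing at missing files:")
    for line in orphans(AFTER_LOG):
        print("  " + line)
```

On the thread's data this reports the BHO as gone, SNDSrvc as still present, and SymWSC as orphaned: the file is no longer on disk but the service entry is still listed.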


Logfile of HijackThis v1.99.1

Scan saved at 1:00:49 PM, on 6/19/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\WINNT\tsnp2std.exe

C:\WINNT\vsnp2std.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\notepad.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe

O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

 

 

I am hoping that "Safe List" was a typo meaning "Save List".

 

?E?eXPAcAe±M·~ac

Ad-Aware SE Professional

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player Plugin

Adobe Reader 8.1.0

Adobe Shockwave Player

Ahead Nero BurnRights

Apple Software Update

AVG Anti-Spyware 7.5

Chinese (Traditional) Language Support

DivX Web Player

DoMore

DVD

EAX Unified (SHELL)

Final Fantasy VII XP Patch

FINAL FANTASY VIII

Gateway Ink Monitor

HijackThis 1.99.1

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

HP Photo & Imaging 3.1

HP PSC & OfficeJet 3.0

HP Software Update

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet

iPod for Windows 2005-09-23

iTunes

LiveUpdate 2.0 (Symantec Corporation)

Logitech SetPoint

Macromedia Flash Player 8

MapleStory

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Learning and Research Plus Support Files

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Picture It! Express 7.0

Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

Microsoft Visual Basic 6.0 Professional Edition

Microsoft Web Publishing Wizard 1.53

Microsoft Works 7.0

Mozilla Firefox (2.0.0.4)

MSN Internet Software

MSN Music Assistant

MSXML 4.0 SP2 (KB927978)

MUSICMATCH?Jukebox

Nero OEM

Norton WMI Update

Ofoto Easy Upload ActiveX Control

overland

PC-Doctor for Windows

Q9 XP Big5 Pro

QuickTime

SCAR Divi CDE 3.06

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Shaw Secure

Shockwave

Spybot - Search & Destroy 1.4

SwiftSwitch

Symantec Network Driver Update

TI Connect 1.6

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

URGE

USB2.0 PC Camera (SN9C201&202)

Ventrilo Client

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Yahoo! Anti-Spy

Yahoo! Install Manager

Yahoo! Toolbar

 

Another thing is when I typed "msconfig" in run, I went to startup and found "D:\VSc\Enu\mcappins.exe" vsocfg.ini there.

Edited by JKWong


Yes, you’re right, another typo.

 

The first entry in your Add/Remove programs is totally unknown to me. It looks like something you should uninstall as soon as possible if you are able to. If you can’t, let me know. It could be the one responsible for this "D:\VSc\Enu\mcappins.exe" vsocfg.ini entry in your log.

 

The last three entries I have in this list, which are in your Add/Remove programs, are related to Norton software, and I still see the entries in your HJT log. Do you use them? If you don’t use them, I would uninstall them for sure through Add/Remove.

 

Did you install the rest of the programs I have in this list on purpose? Most of them are related to games.

 

?E?eXPAcAe±M•~ac

DoMore

EAX™ Unified

Final Fantasy VII XP Patch

FINAL FANTASY VIII

MapleStory

Overland

Q9 XP Big5 Pro

SCAR Divi CDE 3.06

SwiftSwitch

TI Connect 1.6

URGE

Ventrilo Client

 

LiveUpdate 2.0 (Symantec Corporation)

Norton WMI Update

Symantec Network Driver Update


I removed LiveUpdate 2.0 (Symantec Corporation) and Norton WMI Update with Add/Remove programs, and I couldn't find Symantec Network Driver Update in Add/Remove programs. Most of the items in your list are games that I used to play, but don't anymore. I can try to remove all the items you have on the list, but I'm not sure what the first entry is.


If you don't use those programs, I would strongly suggest you remove them because they're just using resources, and that slows down your system. As for the first entry, I have a strong feeling it is nothing but bad news. Let's see if HJT can give us more info on it. Please do the following:

 

1. Open HJT

2. Click Open The Misc Tools Section

3. Click Open Uninstall Manager…

4. Look for ?E?eXPAcAe±M•~ac in the list, highlight it, and check in the Name: window. Tell me what you see there, please. It should tell you the name of the program that entry belongs to.

 

While you have the HJT Open Uninstall Manager… window open, look for Symantec Network Driver Update. You should be able to see it there. You can delete it from there if you like, by highlighting it and clicking the Delete this entry button.

 

Let me know how it goes.

Edited by iguagaby


I think ?E?eXPAcAe¡ÓM¡P~ac is the problem in my computer, because all it said was ?E?eXPAcAe¡ÓM¡P~ac with no uninstall command either.


I'm not surprised there isn't much info on the "D:\VSc\Enu\mcappins.exe" vsocfg.ini entry. Try deleting it with the Delete this entry command in HJT. Let me know if it works. Just make sure you highlight the right entry before clicking the delete button.

 

Were you able to get rid of Symantec Network Driver Update?

 

I have to get ready to start work now. I'll check on you later.


I couldn't get rid of ?E?eXPAcAe¡ÓM¡P~ac by clicking Delete this entry; whenever I did, it would just reappear.


It didn't work in safe mode either. By the way, I think I was able to remove the Symantec Network Driver Update.


Hi JKWong,

 

I tried to reply to you yesterday, but I kept on getting the “too many connections” error every time. At least you got rid of the Symantec Network Driver Update just in case it was creating conflicts. I’ll get back to you later with the next thing we can try. I’m not sure when that would be because it’s going to be a long day today. If I have a chance, I’ll do it before I go home, but now I have to start work.

 

Take care!!!


Ok, let's try the following:

 

1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

I'm still at work, but I had a bit of a break.


ComboFix 07-06-21.3 - C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe

"Jonathan" - 2007-06-21 19:58:41 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Jonathan\Desktop.\internet explorer.lnk

C:\WINNT\system32\msxml3a.dll

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NM

-------\LEGACY_NPF

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))

 

 

2007-06-21 19:29 49,152 --a------ C:\WINNT\nircmd.exe

2007-06-16 22:18 <DIR> d-------- C:\Program Files\iTunes

2007-06-16 22:14 <DIR> d-------- C:\Program Files\QuickTime

2007-06-16 10:36 <DIR> d-------- C:\Program Files\Ares

2007-06-15 20:02 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys

2007-06-08 18:43 <DIR> d-------- C:\Program Files\SCAR 3.06

2007-06-03 15:35 <DIR> d-------- C:\WINNT\.jagex_cache_32

2007-06-02 23:14 <DIR> d-------- C:\Program Files\Lavasoft

2007-06-02 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-31 21:07 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\AdobeUM

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-21 21:52:52 -------- d-----w C:\Program Files\Warcraft III

2007-06-20 01:54:01 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-18 01:10:02 6,612 ----a-w C:\WINNT\mozver.dat

2007-06-18 00:34:45 -------- d-----w C:\Program Files\Logitech

2007-06-17 21:12:52 -------- d-----w C:\Program Files\MSN Messenger

2007-06-17 05:19:00 -------- d-----w C:\Program Files\iPod

2007-05-17 01:30:47 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-16 15:12:02 683,520 ----a-w C:\WINNT\system32\inetcomm.dll

2007-05-06 21:06:24 -------- d-----w C:\Program Files\DivX

2007-04-27 05:59:03 -------- d-----w C:\Program Files\Apple Software Update

2007-04-25 14:21:15 144,896 ----a-w C:\WINNT\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll

2007-04-17 05:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll

2007-04-17 05:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll

2007-04-17 05:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll

2007-04-17 05:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll

2007-04-17 05:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll

2007-04-17 05:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll

2007-04-17 05:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe

2007-04-17 05:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll

2007-04-17 05:44:20 271,224 ----a-w C:\WINNT\system32\mucltui.dll

2007-04-17 05:44:18 208,248 ----a-w C:\WINNT\system32\muweb.dll

2007-04-12 04:58:33 40 ----a-w C:\WINNT\system32\q9sdyd.bin

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll [2004-09-29 12:02]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINNT\system32\bthprops.cpl]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINNT\KHALMNPR.Exe]

"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2005-10-25 18:51]

"F-Secure TNB"="C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" [2005-07-18 07:51]

"F-Secure Startup Wizard"="C:\Program Files\Shaw Secure\FSGUI\FSSW.exe" [2005-10-18 01:29]

"News Service"="C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" [2005-05-31 05:45]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 00:56]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"SRUUninstall"="C:\WINNT\System32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"=1 (0x1)

"AllowUnhashedWebView"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages scecli scecli

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINNT\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=C:\WINNT\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=C:\WINNT\pss\Logitech SetPoint.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]

"C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINNT\System32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\autoplay.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-20 00:42:45 C:\WINNT\tasks\AppleSoftwareUpdate.job

2004-05-07 13:09:15 C:\WINNT\tasks\ISP signup reminder 1.job

2004-05-18 06:30:00 C:\WINNT\tasks\ISP signup reminder 2.job

2007-06-22 00:04:53 C:\WINNT\tasks\Scheduled scanning task.job

2007-03-21 13:51:00 C:\WINNT\tasks\WebReg 20040507065120.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-21 20:22:23

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

 

 

Completion time: 2007-06-21 20:28:49

C:\ComboFix-quarantined-files.txt ... 2007-06-21 20:28

 

--- E O F ---


Scan Results for C:\WINNT\nircmd.exe

 

Scanner results

Scan taken on 25 Jun 2007 00:51:40 (GMT)

A-Squared: Found Heuristic.Dialer.RAS
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

Scan Results for C:\WINNT\system32\q9sdyd.bin

 

Scan taken on 25 Jun 2007 01:08:31 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

Scan Results for C:\WINNT\tasks\WebReg 20040507065120.job

 

Scan taken on 25 Jun 2007 01:14:33 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


Now, let's try HJT “Delete a file on reboot” function to get rid of the C:\WINNT\nircmd.exe file.

 

Make sure all browsers and windows are closed

 

Open HJT again and do the following:

 

1. Click on “Open the Misc. tool Section.”

2. Click the "Delete a file on reboot."

3. Then copy and paste the file below in the "File name" window.

 

C:\WINNT\nircmd.exe

 

4. Select "Open."

5. Select "Delete a file on reboot" and select "Yes" when asked to reboot.

 

Then, please post another HJT log for me to see, and tell me if you notice any improvement.


Logfile of HijackThis v1.99.1

Scan saved at 7:52:49 PM, on 6/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\ctfmon.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\Shaw Secure\FSGUI\ispnews.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


It looks like we got rid of the O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini file. I don’t see it anymore.

 

Try checking for the other weird entry in your Add/Remove using HJT.

 

1. Open HJT

2. Click Open The Misc Tools Section

3. Click Open Uninstall Manager…

4. Look for ?E?eXPAcAe±M•~ac to see if it's still there.

 

I’m suspicious of the following file. Can you please search for it in your system, check its properties, and tell me if it belongs to the F-Secure software? If it doesn’t, we’ll need to get rid of it. The little "~" usually stands for more characters in the file name.

 

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

 

There is an O9 entry that we need to fix. You have to be very careful to check the right one. There are two similar ones. Make sure you check the one that has "(no name)" on it. There is also the Symantec entry still showing. So go ahead and open HJT, make sure all browsers and windows are closed except for HijackThis, click "Do a system scan only" and put a check next to the following:

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

Then click Fix Checked.

 

Using Windows Explorer, please search for and delete the following folder if found:

 

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

Try in safe mode if you need to.

 

Reboot normally, and remember to let me know of any improvements if you see any.

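The "~" in a path such as C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE marks a Windows 8.3 short name. The following Python is an added example, not part of the thread: it checks which long names could abbreviate to a given short name under the basic first-six-characters rule. The folder pairs come from the logs above; the two file names marked as constructed are assumptions.

```python
import re

# Basic 8.3 form: up to 6 characters, "~", a number, optional 3-character extension.
# Windows switches to a hash-based form when many names share a prefix; that
# form is not covered here.
SHORT_RE = re.compile(r"^([^~.\\/]{1,6})~(\d+)(?:\.([^.\\/]{0,3}))?$")
REPLACED = set("+,;=[]")  # characters that become "_" in a short name


def squash(part):
    """Drop spaces and dots, map a few symbols to '_', upper-case the rest."""
    out = []
    for ch in part:
        if ch in " .":
            continue
        out.append("_" if ch in REPLACED else ch.upper())
    return "".join(out)


def split_ext(name):
    """Split on the last dot; names without a usable dot have no extension."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base:
        return name, ""
    return base, ext


def could_be_short_for(short_name, long_name):
    """True if long_name would abbreviate to short_name's prefix and extension."""
    m = SHORT_RE.match(short_name)
    if not m:
        return False
    prefix = m.group(1).upper()
    short_ext = (m.group(3) or "").upper()
    base, ext = split_ext(long_name)
    return squash(base)[:6] == prefix and squash(ext)[:3] == short_ext


def candidates(short_name, listing):
    """Names from a folder listing that the short name could refer to."""
    return [n for n in listing if could_be_short_for(short_name, n)]


def path_consistent(short_path, long_path):
    """Compare two backslash-separated paths component by component."""
    s_parts, l_parts = short_path.split("\\"), long_path.split("\\")
    if len(s_parts) != len(l_parts):
        return False
    return all(
        s.lower() == l.lower() or could_be_short_for(s, l)
        for s, l in zip(s_parts, l_parts)
    )


# Folder names as they appear in both forms in the logs above.
SHORT_PATH = r"C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe"
LONG_PATH = r"C:\Program Files\Shaw Secure\Anti-Spyware\fsaw.exe"

# Folder listing for the check: the first two names are in the logs, the last
# two are constructed for this example.
LISTING = ["fspex.exe", "fsbwsys.exe", "services.dat", "Service Example.exe"]

if __name__ == "__main__":
    print(path_consistent(SHORT_PATH, LONG_PATH))
    print(candidates("SERVIC~1.EXE", LISTING))
```

A search for the literal short name can miss the file, so listing the folder and checking each long name against the short form narrows down which file an autostart entry really points at.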

Logfile of HijackThis v1.99.1

Scan saved at 11:11:44 PM, on 6/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

C:\WINNT\system32\rundll32.exe

C:\Program Files\Shaw Secure\Common\FSM32.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\Shaw Secure\Common\FSMA32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Shaw Secure\Common\FSMB32.EXE

C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

C:\Program Files\Shaw Secure\Common\FCH32.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Shaw Secure\Common\FAMEH32.EXE

C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe

C:\Program Files\Shaw Secure\FSPC\fspc.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe

C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe

C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe

C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160890996671

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

 

My internet connection still seems to disconnect now and then. I can't seem to get rid of the ?E?eXPAcAe±M•~ac and I removed the Symantec thing again (I hope). I couldn't find C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE in my computer, searching in normal and safe mode.

Edited by JKWong


The Symantec left over is still there in your log, but don't worry about it for now.

 

Please download the latest version of RootKitRevealer from here:

http://filehippo.com/download_rootkit_revealer/

There's no installation process; simply unzip the files to the desktop, turn off all other programs, open RootkitRevealer.exe, click the Scan button in the lower left corner of the application's window, and sit back, put down the mouse, and let the program do its work. This will generate a log file; please post the entire contents of the log file here for me to see.

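The replies above compare successive HijackThis logs by eye to see what a fix changed. The following Python is an added example, not part of the thread or of HijackThis: it parses entry lines, pairs them across two logs and reports removed, added, changed and "(file missing)" entries. The excerpts are copied from the 7:52 PM and 11:11 PM logs in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text missing")

ENTRY_RE = re.compile(r"^(O\d{1,2}|[RFN]\d) - (.+)$")  # "O9 - ...", "R1 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return the numbered entries; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            text = m.group(2).strip()
            entries.append(Entry(m.group(1), text, text.endswith(MISSING)))
    return entries


def entry_key(entry):
    """Identity of an entry: section code, first field and CLSID (if any).

    The owner and path fields are left out so that an entry whose file
    disappeared is reported as changed rather than as removed plus added.
    """
    label = entry.text.split(" - ", 1)[0]
    clsid = CLSID_RE.search(entry.text)
    return (entry.code, label, clsid.group(0).lower() if clsid else None)


def diff_logs(before_text, after_text):
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        "changed": [(before[k], after[k]) for k in before
                    if k in after and before[k].text != after[k].text],
        "missing_after": [e for e in after.values() if e.missing],
    }


# Excerpt of the 7:52 PM log from this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

# Excerpt of the 11:11 PM log from this thread.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in result["removed"]:
        print("removed:", e.code, e.text)
    for old, new in result["changed"]:
        print("changed:", old.code, old.text, "->", new.text)
    for e in result["missing_after"]:
        print("still listed, file missing:", e.code, e.text)
```

Keying O9 entries on the CLSID keeps the two "(no name)" buttons apart, which is the distinction the fix instructions ask the user to make by hand.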

HKU\.DEFAULT\Control Panel\International 6/21/2007 8:28 PM 0 bytes Security mismatch.

HKU\.DEFAULT\Control Panel\International\Geo 6/21/2007 8:28 PM 0 bytes Security mismatch.

HKU\S-1-5-21-3581479435-965929664-111260471-1008\Control Panel\International 6/21/2007 8:28 PM 0 bytes Security mismatch.

HKU\S-1-5-21-3581479435-965929664-111260471-1008\Control Panel\International\Geo 6/21/2007 8:28 PM 0 bytes Security mismatch.

HKU\S-1-5-21-3581479435-965929664-111260471-1008\Software\F-Secure\Anti-Spyware\time 6/25/2007 5:41 PM 4 bytes Data mismatch between Windows API and raw hive data.

HKU\S-1-5-21-3581479435-965929664-111260471-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Wbanguna\Erprag\ubg jbzra svatrevat urefrys.... ahqr frk ch 6/25/2007 5:41 PM 16 bytes Hidden from Windows API.

HKU\S-1-5-18\Control Panel\International 6/21/2007 8:28 PM 0 bytes Security mismatch.

HKU\S-1-5-18\Control Panel\International\Geo 6/21/2007 8:28 PM 0 bytes Security mismatch.

HKLM\SECURITY\Policy\Secrets\SAC* 10/6/2003 12:46 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 10/6/2003 12:46 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Hewlett-Packard\HP Software Update\enumDone 4/15/2007 6:07 PM 3 bytes Data mismatch between Windows API and raw hive data.

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 10/18/2006 5:19 PM 0 bytes Access is denied.


C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\09\109-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v109-{F 11/6/2006 10:04 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\09\209-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v209-{F 11/6/2006 10:09 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\10\110-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v110-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\10\110-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v110-{F 11/6/2006 10:04 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\10\210-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v210-{F 11/6/2006 10:09 PM 96 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\11\111-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v111-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\11\111-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v111-{F 11/6/2006 10:04 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\11\211-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v211-{F 11/6/2006 10:09 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\12\112-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v112-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\12\112-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v112-{F 11/6/2006 10:04 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\12\212-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v212-{F 11/6/2006 10:09 PM 96 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\13\113-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v113-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\14\114-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v114-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\14\114-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v114-{F 11/6/2006 10:04 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\14\214-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v214-{F 11/6/2006 10:09 PM 72 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\15\115-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v115-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\15\115-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v115-{F 11/6/2006 10:04 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\15\215-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v215-{F 11/6/2006 10:10 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\16\116-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v116-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\16\116-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v116-{F 11/6/2006 10:04 PM 104 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\16\216-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v216-{F 11/6/2006 10:10 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\17\117-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v117-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\17\117-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v117-{F 11/6/2006 10:04 PM 104 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\17\217-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v217-{F 11/6/2006 10:10 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\18\118-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v118-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\18\218-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v218-{F 11/6/2006 10:10 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\19\119-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v119-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\19\119-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v119-{F 11/6/2006 10:04 PM 112 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\120-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v120-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\120-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v120-{F 11/6/2006 10:04 PM 96 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\220-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v220-{F 11/6/2006 10:10 PM 136 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\320-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v320-{F 11/11/2006 4:16 PM 392 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\21\121-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v121-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\21\221-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v221-{F 11/6/2006 10:10 PM 104 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\21\321-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v321-{F 11/11/2006 4:16 PM 2.00 KB Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\22\122-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v122-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\22\122-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v122-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\22\222-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v222-{F 11/6/2006 10:10 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\23\123-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v123-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\23\123-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v123-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\23\223-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v223-{F 11/6/2006 10:10 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\24\124-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v124-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\24\124-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v124-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\25\125-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v125-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\25\125-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v125-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\26\126-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v126-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\26\126-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v126-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\27\127-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v127-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\27\127-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v127-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\28\128-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v128-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\28\128-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v128-{F 11/6/2006 10:05 PM 104 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\29\129-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v129-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\29\129-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v129-{F 11/6/2006 10:05 PM 168 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\30\130-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v130-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\30\130-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v130-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\31\131-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v131-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\31\131-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v131-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\32\132-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v132-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\32\132-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v132-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\32\332-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v332-{F 11/12/2006 9:41 PM 160 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\33\133-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v133-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\33\133-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v133-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\34\134-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v134-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\34\134-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v134-{F 11/6/2006 10:05 PM 104 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\34\334-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v334-{F 11/12/2006 9:42 PM 1.90 KB Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\35\135-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v135-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\35\135-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v135-{F 11/6/2006 10:05 PM 104 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\36\136-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v136-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\36\136-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v136-{F 11/6/2006 10:05 PM 96 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\37\137-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v137-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\37\137-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v137-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\38\138-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v138-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\38\138-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v138-{F 11/6/2006 10:05 PM 112 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\39\139-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v139-{F 11/6/2006 10:06 PM 96 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\40\140-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v140-{F 11/6/2006 10:06 PM 120 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\41\141-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v141-{F 11/6/2006 10:06 PM 120 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\42\142-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v142-{F 11/6/2006 10:06 PM 112 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\43\143-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v143-{F 11/6/2006 10:06 PM 120 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\43\43-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v43-{F6E 10/12/2006 8:47 PM 232 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\44\144-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v144-{F 11/6/2006 10:06 PM 224 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\45\145-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v145-{F 11/6/2006 10:06 PM 96 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\45\45-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v45-{F6E 10/12/2006 8:48 PM 960 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\47\147-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v147-{F 11/6/2006 10:06 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\47\47-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v47-{F6E 10/12/2006 8:48 PM 776 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\48\148-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v148-{F 11/6/2006 10:06 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\48\48-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v48-{F6E 10/12/2006 8:48 PM 1008 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\49\149-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v149-{F 11/6/2006 10:06 PM 88 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\52\152-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v152-{F 11/6/2006 10:06 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\53\153-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v153-{F 11/6/2006 10:06 PM 80 bytes Hidden from Windows API.

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\54\154-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v154-{F 11/6/2006 10:06 PM 72 bytes Hidden from Windows API.



I can't see anything to worry about there.

 

Download Blacklight from this website:

http://www.f-secure.com/blacklight/

Save it to your desktop and double click on the file.

 

Make sure you close everything else, and then have it scan your computer, but do not try to fix or delete anything identified by the tool; it may list legitimate programs.

 

If the scan does find anything then copy and paste the log back to this thread. The log should be on your desktop or root directory (C:\). This is the format for the log file name:

fsbl-<date-and-time>.log

 

If you have any trouble finding it do a search for fsbl*.log.


I'm not sure if this is the log file, but it appeared on my desktop after the scan.

 

06/25/07 23:06:24 [info]: BlackLight Engine 1.0.64 initialized

06/25/07 23:06:24 [info]: OS: 5.1 build 2600 (Service Pack 2)

06/25/07 23:06:25 [Note]: 7019 4

06/25/07 23:06:25 [Note]: 7005 0

06/25/07 23:06:30 [Note]: 7006 0

06/25/07 23:06:30 [Note]: 7011 6256

06/25/07 23:06:34 [Note]: 7026 0

06/25/07 23:06:34 [Note]: 7026 0

06/25/07 23:06:54 [Note]: FSRAW library version 1.7.1022

06/26/07 00:49:33 [Note]: 7007 0


I don’t see anything there either. Let’s see if CCleaner can help us uninstall that weird entry in your Add/Remove programs. You can download the latest version here:

http://www.filehippo.com/download_ccleaner.html

 

Install it, but do not install Yahoo Toolbar that comes with it!

 

Open it

On the left, click on the Tools button.

There you'll see all the Add/Remove listings on the right side.

Highlight ?E?eXPAcAe±M•~ac to remove it, and select the Run uninstaller button.

If this doesn't work, try again with the Delete entry button.


Yes I can still see it in HJT.

 

Here is the uninstall list in CCleaner

 

1300Tour

1300Trb

1300_Help

1300

Ad-Aware SE Professional

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player Plugin

Adobe Reader 8.1.0

Adobe Shockwave Player

AdobeR PhotoshopR Album Starter Edition 3.2

Ahead Nero BurnRights

AIOMinimal

AiOSoftware

AiO_Scan

ANWIDA Soft GEQ15P 1.0

Apple Software Update

AVG Anti-Spyware 7.5

CCleaner (remove only)

Chinese (Traditional) Language Support

Copy

CreativeProjects

Director

DivX Web Player

DocProc

DoMore

DVD

EAX Unified (SHELL)

Fax

Gateway Ink Monitor

HijackThis 1.99.1

Hotfix for Windows XP (KB914440)

HP Photo & Imaging 3.1

HP PSC & OfficeJet 3.0

HP Software Update

hpmdtab

HPSystemDiagnostics

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet

iPod for Windows 2005-09-23

iTunes

Logitech SetPoint

Macromedia Flash Player 8

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft Data Access Components KB870669

Microsoft Learning and Research Plus Support Files

Microsoft Office Standard Edition 2003

Microsoft Picture It! Express 7.0

Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

Microsoft Visual Basic 6.0 Professional Edition

Microsoft Web Publishing Wizard 1.53

Microsoft Works 7.0

Mozilla Firefox (2.0.0.4)

MSN Internet Software

MSN Music Assistant

MSXML 4.0 SP2 (KB927978)

MUSICMATCH?Jukebox

Nero OEM

Ofoto Easy Upload ActiveX Control

PC-Doctor for Windows

PhotoGallery

PrintScreen

Q9 XP Big5 Pro

QFolder

QuickProjects

QuickTime

Readme

Scan

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Shaw Secure

Shockwave

SkinsHP1

SkinsHP2

Spybot - Search & Destroy 1.4

TI Connect 1.6

TrayApp

Unload

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

URGE

USB2.0 PC Camera (SN9C201&202)

Ventrilo Client

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Yahoo! Anti-Spy

Yahoo! Install Manager

Yahoo! Toolbar

九方XP繁體專業版

 

 

And here is the list in HJT.

 

?E?eXPAcAe±M·~ac

Ad-Aware SE Professional

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player Plugin

Adobe Reader 8.1.0

Adobe Shockwave Player

Ahead Nero BurnRights

Apple Software Update

AVG Anti-Spyware 7.5

CCleaner (remove only)

Chinese (Traditional) Language Support

DivX Web Player

DoMore

DVD

EAX Unified (SHELL)

Gateway Ink Monitor

HijackThis 1.99.1

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

HP Photo & Imaging 3.1

HP PSC & OfficeJet 3.0

HP Software Update

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet

iPod for Windows 2005-09-23

iTunes

Logitech SetPoint

Macromedia Flash Player 8

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Learning and Research Plus Support Files

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Picture It! Express 7.0

Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

Microsoft Visual Basic 6.0 Professional Edition

Microsoft Web Publishing Wizard 1.53

Microsoft Works 7.0

Mozilla Firefox (2.0.0.4)

MSN Internet Software

MSN Music Assistant

MSXML 4.0 SP2 (KB927978)

MUSICMATCH?Jukebox

Nero OEM

Ofoto Easy Upload ActiveX Control

overland

PC-Doctor for Windows

Q9 XP Big5 Pro

QuickTime

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Shaw Secure

Shockwave

Spybot - Search & Destroy 1.4

TI Connect 1.6

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

URGE

USB2.0 PC Camera (SN9C201&202)

Ventrilo Client

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Yahoo! Anti-Spy

Yahoo! Install Manager

Yahoo! Toolbar


They both show a weird entry, CCleaner at the bottom and HJT at the beginning. Did you try to uninstall or delete the weird one in CCleaner?


九方XP繁體專業版 is a program that allows Chinese characters to be typed on a computer. (Or so I think)


Interesting!!! I have never seen that kind of entry before, but I think you’re right. It seems to belong to some kind of Chinese software.

 

Let’s see if you can find the other weird entry in this registry key. Go to start/run and type in regedit and press ok

then follow the path of the next registry key…

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

 

and check to see if you can find the ?E?eXPAcAe±M•~ac entry there.

 

Don’t do anything else, just tell me if you see it.

Edited by iguagaby


I'm not sure about what you mean by "uninstall key". The path HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall works but I just cannot find the entry ?E?eXPAcAe±M•~ac.


That is totally crazy!!!! It shows in HJT Add/Remove list, but not in the uninstall registry key. That could mean that it doesn't have an uninstaller. Let's try the following:

 

Sometimes spyware does change files in the system. If the Winsock Keys are affected it creates problems. Just in case, let’s try rebuilding your Winsock keys by running WinsockFix here:

 

http://www.snapfiles.com/get/winsockxpfix.html

 

See if that helps, and let me know.


That program was only meant to try to fix the internet connection resetting problem. If it didn't help, let me know, and then I can think of something else to find that file again. I'm wondering if it's the same file for the Chinese software, but HJT reads it differently than CCleaner. That could be a possibility, but still it's kind of weird that we can't find it.

This topic is now closed to further replies.
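
The last post's guess, that HJT and CCleaner show the same entry read differently, can be tested. The Python below is an added example, not part of the original thread: it assumes the name is stored as Big5 bytes and displayed by a non-Unicode tool as Windows-1252, with accented letters folded to ASCII and unmappable characters shown as `?`. The function names and the `BEST_FIT` table are illustrative assumptions.

```python
import unicodedata

# Both strings are copied from the thread's two Add/Remove listings.
CCLEANER_NAME = "九方XP繁體專業版"      # readable entry in the CCleaner list
HJT_NAME = "?E?eXPAcAe±M·~ac"          # odd entry in the HijackThis list

# Assumption: one extra fold a best-fit conversion may apply beyond accents.
BEST_FIT = {"©": "c"}


def misdecode(text, stored, shown_as):
    """Encode text with `stored`, then read those bytes back as `shown_as`."""
    return text.encode(stored).decode(shown_as, errors="replace")


def fold(ch):
    """Return the ASCII look-alike of ch if it has one, otherwise ch itself."""
    if ch in BEST_FIT:
        return BEST_FIT[ch]
    base = unicodedata.normalize("NFKD", ch)[0]
    return base if base.isascii() else ch


def explains(seen, original, stored="big5", shown_as="cp1252"):
    """True if `seen` is what `original` looks like after the wrong decode.

    Each displayed character must equal the mis-decoded one, be its ASCII
    fold, or be '?' (the usual stand-in for an unmappable character).
    """
    try:
        garbled = misdecode(original, stored, shown_as)
    except UnicodeEncodeError:
        return False  # `original` cannot be written in this code page at all
    if len(garbled) != len(seen):
        return False
    return all(s == g or s == "?" or s == fold(g)
               for s, g in zip(seen, garbled))


def candidate_encodings(seen, original,
                        stored_options=("big5", "gbk", "utf-8", "utf-16-le"),
                        shown_as="cp1252"):
    """List the storage encodings under which `original` would show as `seen`."""
    return [enc for enc in stored_options
            if explains(seen, original, enc, shown_as)]


if __name__ == "__main__":
    print(misdecode(CCLEANER_NAME, "big5", "cp1252"))
    print(candidate_encodings(HJT_NAME, CCLEANER_NAME))
```

A result of `['big5']` means the two listings are consistent with a single entry shown in two encodings, which would also explain why a search of the Uninstall key for the garbled text finds nothing.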