This topic is locked
80 replies to this topic

#1 JKWong

Posted 03 June 2007 - 07:22 PM

Hey, I'm new here and my computer's internet connection was constantly being reset. Whenever I tried playing games with my friends using MSN, the MSN would crash. I thought that the problem was my LimeWire and Azureus because there were rumors about those programs having viruses. I uninstalled them and downloaded Ares instead. When I tried to open Ares, my computer would restart. So I asked my friend about this and he said to scan with Spybot: Search and Destroy and Lavasoft's Ad-Aware SE Professional. He said if I had more problems I should download HijackThis and post my results on a forum. Well, I still had problems after using SpyBot and Lavasoft, so I downloaded HijackThis and this is the log file.

My computer connection has been resetting itself much more than it had before, so I saved a new HijackThis logfile. If you want to see the one I took on June 3rd, just send me a message.

Logfile of HijackThis v1.99.1
Scan saved at 4:59:37 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Your help is much appreciated. Thanks in advance!

Edited by JKWong, 10 June 2007 - 07:02 PM.


#2 SWI Support Robot

Posted 06 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 iguagaby

Posted 10 June 2007 - 11:02 PM

Hi JKWong,

Sorry for the delay!!! We are just too busy.

Please post a fresh HJT log as requested, just in case there are any new changes.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

#4 JKWong

Posted 15 June 2007 - 03:58 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:06:07 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

This is a more updated log file...your help is greatly appreciated! Thanks in advance!

#5 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • 2,220 posts

Posted 15 June 2007 - 09:14 PM

Hi JKWong,

Unless something is hiding, there isn’t too much to worry about. Let’s try the following program to see if it finds something for us.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update".
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet.

Please disable AdWatch, as it may hinder the AVG Anti-Spyware’s scan and cleaning process. You can re-enable it later again.

To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
    At the bottom of the screen you will see 2 options Active and Automatic.
  • Active : This will turn Ad-Watch On\Off without closing it
  • Automatic : Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
After all of the steps are complete, it is very important that you enable AdWatch again.

Reboot into Safe Mode by restarting the computer; then repeatedly hit F8 while rebooting until you see the Windows Advanced Options menu. Use the arrow keys to highlight safe mode from the menu and press Enter.

While in safe mode, run a complete system scan with AVG Anti-Spyware.
IMPORTANT: Do not open any other windows or programs during the scan; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot normally.


Your Adobe Acrobat Reader is outdated. You can go here to download the latest version:
http://www.macminute...acrobat-update/

Your Java needs to be updated as well. Please do the following to update it.

1. Close any open programs you may have running, especially your web browser.

2. Click Start/Control Panel
Depending on your OS or configuration, you may have to click Start/Settings/Control Panel

3. Open Add or Remove Programs.

4. Click once on any item listing Java Runtime Environment in the name.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.

5. Click the Remove or Change/Remove button.

6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java.

7. Also, search "Programs" and "Application Data" and remove old version files manually.
C:\Program Files\
C:\Documents and Settings\USERNAME\Application Data\

8. Reboot your PC once all Java components have been removed.

9. To reinstall Java, go here…
http://www.java.com/...nload/index.jsp
…and install the latest version from the website.

10. Then reboot your system.

My trust for any P2P program that brings ads to my system is zero. I would suggest getting Shareaza instead of having Ares. Shareaza brings absolutely no ads at all. Here is the download page:

http://www.shareaza.com/?id=download

Make sure you have absolutely no files left of LimeWire, Azureus or Ares if you decide to get Shareaza. If you decide to keep Ares, it’s up to you, but do find and get rid of any files from the other two programs.

There are three entries like the following in your log. Do they belong to your ISP or company network?

O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1

I would like to see another HJT log please, along with the AVG Anti-Spyware report.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

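
The O17 lines asked about in the post above record the DNS server (NameServer) set for a network interface in each registry control set (CCS, CS1, CS2). The following Python script is an added example, not part of the original posts and not HijackThis's own code: it pulls the O17 NameServer lines out of a log and sorts each address into private (RFC 1918), loopback or public, so that anything outside the LAN can be compared against the ISP's resolvers. The second interface GUID and the 203.0.113.x addresses are constructed sample values; the other sample lines are taken from the log on this page.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 ranges: where a home router or LAN resolver normally lives.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# O17 - HKLM\System\<control set>\Services\Tcpip\<subkey>: <name> = <value>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<subkey>[^:]+): (?P<name>\w+) = (?P<value>.*)$"
)

# Sample input: first four lines are from the log on this page; the last
# line (GUID and 203.0.113.x documentation addresses) is constructed.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.10,203.0.113.11
"""


def classify(addr_text):
    """Return 'private', 'loopback', 'public' or 'unparseable' for one address."""
    try:
        ip = ipaddress.ip_address(addr_text)
    except ValueError:
        return "unparseable"
    if ip.is_loopback:
        return "loopback"
    # Explicit RFC 1918 test: ipaddress.is_private also covers other reserved
    # ranges (documentation nets among them), which is broader than "on the LAN".
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    return "public"


def parse_o17(log_text):
    """Extract every NameServer address from the O17 lines of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m["name"] != "NameServer":
            continue
        interface = m["subkey"].rsplit("\\", 1)[-1]  # "{GUID}" or "Parameters"
        # The value may hold several servers separated by commas or spaces.
        for addr in re.split(r"[,\s]+", m["value"].strip()):
            if addr:
                findings.append({
                    "control_set": m["cset"],
                    "interface": interface,
                    "address": addr,
                    "verdict": classify(addr),
                })
    return findings


def needs_review(findings):
    """Addresses that are not on an RFC 1918 LAN: look these up first."""
    return [f for f in findings if f["verdict"] != "private"]


def summarize(findings):
    """Group findings per interface: which control sets, which addresses."""
    by_iface = defaultdict(lambda: {"control_sets": set(), "verdicts": {}})
    for f in findings:
        entry = by_iface[f["interface"]]
        entry["control_sets"].add(f["control_set"])
        entry["verdicts"][f["address"]] = f["verdict"]
    return {iface: {"control_sets": sorted(v["control_sets"]),
                    "verdicts": v["verdicts"]}
            for iface, v in by_iface.items()}


if __name__ == "__main__":
    results = parse_o17(SAMPLE_LOG)
    for iface, info in summarize(results).items():
        print(iface, info["control_sets"], info["verdicts"])
    for f in needs_review(results):
        print("verify with ISP:", f["address"], "on", f["interface"])
```

A "private" verdict only says the resolver sits on the local network; it should still match the router or gateway address the machine actually uses.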

#6 JKWong

JKWong

    Member

  • Full Member
  • 37 posts

Posted 17 June 2007 - 12:04 AM

When I scanned AVG-Antispyware in safe mode, the first scan had 168 infected objects, 1 low risk, 1 high risk, and the rest were medium risks. However, when I tried to save a report, the button would be gray (I was unable to click it). I scanned it again and had 1 infected object that was a medium risk. When I removed Java from my computer and tried to re-install it I got an error saying: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. Also, if you could provide steps on how to upgrade my Adobe it would be greatly appreciated. (I don't know how to use the file that was downloaded ==') 192.168.0.1 is my computer's IP Address. Here is the HijackThis logfile, I apologize for not being able to provide an AVG-Antispyware report.


Logfile of HijackThis v1.99.1
Scan saved at 9:49:46 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Your help is greatly appreciated, and is a lot of help. Thanks again in advance!

#7 iguagaby

Posted 17 June 2007 - 07:01 PM

OK here are the steps to download and install Adobe Reader. You can delete the file you downloaded before if you want to start from the beginning, otherwise just do steps 9 and 10.

1. Go here to download: http://www.adobe.com.../readstep2.html
2. Uncheck the Adobe Photoshop® Album Starter Edition unless you want to download it as well.
3. Click the Download Adobe Reader button
4. Save the file when prompted with a File Download window
5. Make sure Save this program to disk is selected and click OK.
6. Choose to save the file to the desktop. Click the down arrow at the top of the dialog window and choose Desktop
7. Click SAVE to start the download.
8. Once the download finishes, quit your web browser and close all other open applications before installing it
9. Now to install, double click the file you downloaded.
10. Follow the instructions to install the program on your hard drive. Click YES / NEXT / OK as they come up.

It sounds weird that the Java installation gave you problems. Did you try installing it again?

Just so you know, most of those multiple O18 items in the log are the result of the Logitech Desktop Messenger, which gets installed along with another Logitech program because the EULA agreement is not read. It is also a resource hog. Unless you use it, you can remove Desktop Messenger in Add/Remove Programs.

When you are done with that, open HJT and make sure all browsers and windows are closed except for HijackThis, then click Do a system scan only and put a check next to the following:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

If you decided to remove the Desktop Messenger, also put a check next to all the multiple O18 entries related to Logitech Messenger like the following one:

O18 - Protocol: bw+0 - {3173E510-35B2-4CE1-98F6-1C1E8E36AF5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Then click Fix Checked and reboot

Please go to Jotti's Malware Scan and submit the following file (if found) for a scan and post the results in your next reply:

"D:\VSc\Enu\mcappins.exe" vsocfg.ini

Please post another HJT log and tell me if you still have any problems.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#8 JKWong

Posted 17 June 2007 - 08:15 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:12:44 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I couldn't find the file "D:\VSc\Enu\mcappins.exe" vsocfg.ini. I also have tried to re-install Java several times, every time had the same problem. Thanks for helping me re-install Adobe, and your help is once again much appreciated. Thanks in advance again!

#9 iguagaby

Posted 17 June 2007 - 09:05 PM

Make sure you are set to show hidden files and folders. Follow instructions here:
Show Hidden Files and Folders

Then try to find and submit that file again, please.

I'll get back to you about Java after my visit leaves.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#10 JKWong

Posted 17 June 2007 - 09:41 PM

Yeah, I already had my hidden folder and files showing, I still couldn't find that file.

#11 iguagaby

Posted 18 June 2007 - 12:30 AM

Try the Java download here:
http://www.java.com/...load/manual.jsp

Click on the Windows download. It is the first one at the top. You may want to bookmark the page in case you need to go back to it again. Let me know if it works.

About the file I asked you to submit, it belongs to McFee, except the name doesn’t seem to match. Did you have McFee software installed before?

What problems do you still have?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#12 JKWong

Posted 18 June 2007 - 01:49 AM

The Java download still doesn't work, and are you talking about McAfee or McFee? I had McAfee installed on my computer before, and I'm not exactly sure what McFee is. The only problems I can think of are the search crashes and my internet connection resetting every couple of minutes.

#13 iguagaby

Posted 18 June 2007 - 07:21 PM

are you talking about McAfee or McFee? I had McAfee installed on my computer before

My typo mistake, I did mean McAfee. I have to be more careful when I'm tired.

You could be having file conflicts because I also noticed Symantec files as well. Maybe you also had Symantec Antivirus before. Can you see anything related to those two Antivirus in your Add/Remove programs? If you do, try to uninstall whatever you see related to them that you don't have there by choice.

Let’s try to get rid of any McAfee left over files. Go here and download RegSeeker:

http://www.majorgeek...wnload2579.html

The download link is just below the “Free Downloads from” you see in that page.

Extract all the files into a folder of its own and save it in your document.
Then open the folder and click “RegSeeker” to open the program.

The program will show you many options.

Below the name “RegSeeker” click “Find in Registry.”
Copy and paste McAfee in the Search for window.
Click “Search”.

Once it finds it/them, highlight the entry/entries first. Then right click on it/them and choose delete.

If it doesn’t find it/them, set your PC to show all files again. Then try a second time. Hide your files/folders when done.

If the Symantec files are there by choice, leave them, otherwise you can do the same for those as well.

After you do this clean up, reboot to allow changes and please post another HJT log.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#14 JKWong

Posted 18 June 2007 - 09:45 PM

I couldn't find any Symantec files in my computer.

Logfile of HijackThis v1.99.1
Scan saved at 7:24:51 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#15 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • 2,220 posts

Posted 19 June 2007 - 12:31 AM

OK, it is quite surprising you didn’t find any Symantec files because they clearly show in your log. Let’s try to deal with them with HJT. Make sure you are set to show hidden files and folders.

When you are done with this, open HJT, make sure all browsers and windows are closed except for HijackThis, click Do a system scan only, and put a check next to the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Then click Fix Checked.

After that, reboot into Safe Mode by restarting the computer; then repeatedly hit F8 while rebooting until you see the Windows Advanced Options menu. Use the arrow keys to highlight safe mode from the menu and press Enter.

Now, using Windows Explorer, please search for and delete the following if found:

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Remember to hide your files/folders again when you are done.

Reboot normally.

Please do the following for me.

1. Open HJT
2. Click “Open The Misc Tools Section”
3. Click “Open Uninstall Manager…”
4. Click “Safe List…”
5. Notepad will open up with some text. Copy and paste that text in your next reply, along with another log.

THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

#16 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 June 2007 - 03:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:00:49 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)


I am hoping that "Safe List" was a typo meaning "Save List".

?E?eXPAcAe±M·~ac
Ad-Aware SE Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Ahead Nero BurnRights
Apple Software Update
AVG Anti-Spyware 7.5
Chinese (Traditional) Language Support
DivX Web Player
DoMore
DVD
EAX™ Unified (SHELL)
Final Fantasy VII XP Patch
FINAL FANTASY VIII
Gateway Ink Monitor
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iPod for Windows 2005-09-23
iTunes
LiveUpdate 2.0 (Symantec Corporation)
Logitech SetPoint
Macromedia Flash Player 8
MapleStory
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 7.0
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Works 7.0
Mozilla Firefox (2.0.0.4)
MSN Internet Software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MUSICMATCH?Jukebox
Nero OEM
Norton WMI Update
Ofoto Easy Upload ActiveX Control
overland
PC-Doctor for Windows
Q9 XP Big5 Pro
QuickTime
SCAR Divi CDE 3.06
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shaw Secure
Shockwave
Spybot - Search & Destroy 1.4
SwiftSwitch
Symantec Network Driver Update
TI Connect 1.6
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
URGE
USB2.0 PC Camera (SN9C201&202)
Ventrilo Client
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar

Another thing is when I typed "msconfig" in run, I went to startup and found "D:\VSc\Enu\mcappins.exe" vsocfg.ini there.

Edited by JKWong, 19 June 2007 - 03:10 PM.
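
An added example, not part of the original thread: a small Python triage helper that compares two HijackThis logs to confirm whether a Fix Checked step took effect, and flags entries whose target HijackThis itself reports as missing. The sample logs are constructed from entries quoted in this thread; the flag names and the assumption that the system drive is C: are this example's own.

```python
import re

# Constructed sample: a handful of entries quoted in this thread, arranged
# as a before/after pair around the "Fix Checked" step.
BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
"""

LINE_RE = re.compile(r"^([ORFN]\d+) - (.+)$")            # section code, rest of line
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")            # {xxxxxxxx-xxxx-...}
MISSING_RE = re.compile(r"\((?:file missing|no file)\)")  # HijackThis' own markers
DRIVE_RE = re.compile(r"\b([A-Za-z]):\\")                 # first drive-letter path


def parse(log):
    """Map a stable key -> entry body for every HijackThis entry line.

    The key is (section code, first ' - ' field, CLSID or ''), so the same
    entry can be matched across two scans even when its owner or path
    annotation changes, and two '(no name)' BHOs do not collide.
    """
    entries = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, running-process line, or blank
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        key = (code, body.split(" - ")[0], clsid.group(0) if clsid else "")
        entries[key] = body
    return entries


def entry_flags(code, body, system_drive="C"):
    """Return this example's heuristic flags for one entry."""
    flags = []
    if MISSING_RE.search(body):
        flags.append("target-missing")
    if code == "O10" and "missing" in body.lower():
        flags.append("lsp-provider-missing")
    if code == "O4":
        drive = DRIVE_RE.search(body)
        # Assumption: the system drive is C:, as in the logs in this thread.
        if drive and drive.group(1).upper() != system_drive:
            flags.append("autostart-off-system-drive")
    return flags


def triage(log):
    """Key -> flags for every entry that raised at least one flag."""
    result = {}
    for key, body in parse(log).items():
        flags = entry_flags(key[0], body)
        if flags:
            result[key] = flags
    return result


def diff_logs(before, after):
    """Entries removed, added, or changed between two scans."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
    }


if __name__ == "__main__":
    for kind, keys in diff_logs(BEFORE, AFTER).items():
        for key in keys:
            print(f"{kind:8} {key[0]:4} {key[1]} {key[2]}")
    for key, flags in triage(AFTER).items():
        print(f"flagged  {key[0]:4} {key[1]} -> {', '.join(flags)}")
```

On the sample, the O2 entry shows as removed, the SymWSC service shows as changed (now reported with a missing file), and the SNDSrvc service is still present unchanged.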


#17 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 June 2007 - 08:42 PM

Yes, you’re right, another typo.

The first entry in your Add/Remove programs is totally unknown to me. It looks like something you should uninstall as soon as possible if you are able to. If you can’t, let me know. It could be the one responsible for this "D:\VSc\Enu\mcappins.exe" vsocfg.ini entry in your log.

The last three entries I have in this list, which are in your Add/Remove programs, are related to Norton software, and I still see the entries in your HJT log. Do you use them? If you don’t use them, I would uninstall them for sure through Add/Remove.

Did you install the rest of the programs I have in this list on purpose? Most of them are related to games.

?E?eXPAcAe±M•~ac
DoMore
EAX™ Unified
Final Fantasy VII XP Patch
FINAL FANTASY VIII
MapleStory
Overland
Q9 XP Big5 Pro
SCAR Divi CDE 3.06
SwiftSwitch
TI Connect 1.6
URGE
Ventrilo Client

LiveUpdate 2.0 (Symantec Corporation)
Norton WMI Update
Symantec Network Driver Update

#18 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 June 2007 - 08:57 PM

I removed LiveUpdate 2.0 (Symantec Corporation) and Norton WMI Update with Add/Remove programs, and I couldn't find Symantec Network Driver Update in Add/Remove programs. Most of the items in your list are games that I used to play, but don't anymore. I can try to remove all the items you have on the list, but I'm not sure what the first entry is.

#19 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 June 2007 - 11:39 PM

If you don't use those programs, I would strongly suggest you remove them because they're just using resources and that slows down your system. As for the first entry, I have a strong feeling it is nothing but bad news. Let's see if HJT can give us more info on it. Please do the following:

1. Open HJT
2. Click Open The Misc Tools Section
3. Click Open Uninstall Manager…
4. Look for ?E?eXPAcAe±M•~ac in the list, highlight it, and check the Name: window. Tell me what you see there, please. It should tell you the name of the program that entry belongs to.

While you have the HJT Open Uninstall Manager… window open, look for Symantec Network Driver Update. You should be able to see it there. You can delete it from there if you like, by highlighting it and clicking the Delete this entry button.

Let me know how it goes.

Edited by iguagaby, 19 June 2007 - 11:39 PM.


#20 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 20 June 2007 - 01:07 AM

I think ?E?eXPAcAe¡ÓM¡P~ac is the problem in my computer, because all it said was ?E?eXPAcAe¡ÓM¡P~ac with no uninstall command either.

#21 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 20 June 2007 - 10:20 AM

I'm not surprised there isn't much info on the "D:\VSc\Enu\mcappins.exe" vsocfg.ini entry. Try deleting it with the Delete this entry command in HJT. Let me know if it works. Just make sure you highlight the right entry before clicking the delete button.

Were you able to get rid of Symantec Network Driver Update?

I have to get ready to start work now. I'll check on you later.

#22 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 20 June 2007 - 02:47 PM

I couldn't get rid of ?E?eXPAcAe¡ÓM¡P~ac by clicking Delete this entry; whenever I did, it would just reappear.

#23 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 20 June 2007 - 06:17 PM

Try it again in safe mode, and let me know if it works. If it doesn't, we can try something else.

#24 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 20 June 2007 - 07:15 PM

It didn't work in safe mode either. By the way, I think I was able to remove the Symantec Network Driver Update.

#25 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 21 June 2007 - 10:28 AM

Hi JKWong,

I tried to reply to you yesterday, but I kept on getting the “too many connections” error every time. At least you got rid of the Symantec Network Driver Update just in case it was creating conflicts. I’ll get back to you later with the next thing we can try. I’m not sure when that would be because it’s going to be a long day today. If I have a chance, I’ll do it before I go home, but now I have to start work.

Take care!!!

#26 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 21 June 2007 - 09:00 PM

Ok, let's try the following:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

I'm still at work, but I had a bit of a break.

#27 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 June 2007 - 10:42 PM

ComboFix 07-06-21.3 - C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
"Jonathan" - 2007-06-21 19:58:41 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Jonathan\Desktop.\internet explorer.lnk
C:\WINNT\system32\msxml3a.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 19:29 49,152 --a------ C:\WINNT\nircmd.exe
2007-06-16 22:18 <DIR> d-------- C:\Program Files\iTunes
2007-06-16 22:14 <DIR> d-------- C:\Program Files\QuickTime
2007-06-16 10:36 <DIR> d-------- C:\Program Files\Ares
2007-06-15 20:02 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-06-08 18:43 <DIR> d-------- C:\Program Files\SCAR 3.06
2007-06-03 15:35 <DIR> d-------- C:\WINNT\.jagex_cache_32
2007-06-02 23:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-02 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-31 21:07 <DIR> d-------- C:\DOCUME~1\Jonathan\APPLIC~1\AdobeUM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 21:52:52 -------- d-----w C:\Program Files\Warcraft III
2007-06-20 01:54:01 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-18 01:10:02 6,612 ----a-w C:\WINNT\mozver.dat
2007-06-18 00:34:45 -------- d-----w C:\Program Files\Logitech
2007-06-17 21:12:52 -------- d-----w C:\Program Files\MSN Messenger
2007-06-17 05:19:00 -------- d-----w C:\Program Files\iPod
2007-05-17 01:30:47 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 15:12:02 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
2007-05-06 21:06:24 -------- d-----w C:\Program Files\DivX
2007-04-27 05:59:03 -------- d-----w C:\Program Files\Apple Software Update
2007-04-25 14:21:15 144,896 ----a-w C:\WINNT\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINNT\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINNT\system32\muweb.dll
2007-04-12 04:58:33 40 ----a-w C:\WINNT\system32\q9sdyd.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll [2004-09-29 12:02]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINNT\system32\bthprops.cpl]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINNT\KHALMNPR.Exe]
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2005-10-25 18:51]
"F-Secure TNB"="C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" [2005-07-18 07:51]
"F-Secure Startup Wizard"="C:\Program Files\Shaw Secure\FSGUI\FSSW.exe" [2005-10-18 01:29]
"News Service"="C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" [2005-05-31 05:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINNT\System32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINNT\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINNT\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINNT\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
"C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe


Contents of the 'Scheduled Tasks' folder
2007-06-20 00:42:45 C:\WINNT\tasks\AppleSoftwareUpdate.job
2004-05-07 13:09:15 C:\WINNT\tasks\ISP signup reminder 1.job
2004-05-18 06:30:00 C:\WINNT\tasks\ISP signup reminder 2.job
2007-06-22 00:04:53 C:\WINNT\tasks\Scheduled scanning task.job
2007-03-21 13:51:00 C:\WINNT\tasks\WebReg 20040507065120.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 20:22:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-21 20:28:49
C:\ComboFix-quarantined-files.txt ... 2007-06-21 20:28

--- E O F ---

#28 iguagaby

Posted 23 June 2007 - 12:43 AM

Let's see if you are able to check some files. Go to Jotti's Malware Scan and submit the following files, one at a time (if found), for a scan and post the results in your next reply:

C:\WINNT\nircmd.exe
C:\WINNT\system32\q9sdyd.bin
C:\WINNT\tasks\WebReg 20040507065120.job


You can try this site also:
http://www.virustota.../en/indexf.html

#29 JKWong

Posted 24 June 2007 - 08:30 PM

Scan Results for C:\WINNT\nircmd.exe

Scanner results
Scan taken on 25 Jun 2007 00:51:40 (GMT)
A-Squared: Found Heuristic.Dialer.RAS
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Scan Results for C:\WINNT\system32\q9sdyd.bin

Scan taken on 25 Jun 2007 01:08:31 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Scan Results for C:\WINNT\tasks\WebReg 20040507065120.job

Scan taken on 25 Jun 2007 01:14:33 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

#30 iguagaby

Posted 24 June 2007 - 09:34 PM

Now, let's try HJT's "Delete a file on reboot" function to get rid of the C:\WINNT\nircmd.exe file.

Make sure all browsers and windows are closed

Open HJT again and do the following:

1. Click on "Open the Misc. tool Section."
2. Click the "Delete a file on reboot."
3. Then copy and paste the file below in the "File name" window.

C:\WINNT\nircmd.exe

4. Select "Open."
5. Select "Delete a file on reboot" and select "Yes" when asked to reboot.

Then, please post another HJT log for me to see, and tell me if you notice any improvement.

#31 JKWong

Posted 24 June 2007 - 09:53 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:52:49 PM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#32 iguagaby

Posted 24 June 2007 - 10:54 PM

It looks like we got rid of the O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini file. I don’t see it anymore.

Try checking for the other weird entry in your Add/Remove using HJT.

1. Open HJT
2. Click Open The Misc Tools Section
3. Click Open Uninstall Manager…
4. Look for ?E?eXPAcAe±M•~ac to see if it's still there.

I’m suspicious of the following file. Can you please search for it in your system, check its properties, and tell me if it belongs to the F-Secure software? If it doesn’t, we’ll need to get rid of it. The little "~" usually stands for more characters in the file name.

C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE

There is an O9 entry that we need to fix. You have to be very careful to check the right one. There are two similar ones. Make sure you check the one that has the no name on it. There is also the Symantec entry still showing. So go ahead and open HJT, make sure all browsers and windows are closed except for HijackThis, click "Do a system scan only" and put a check next to the following:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Then click Fix Checked.

Using Windows Explorer, please search for and delete the following folder if found:

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Try in safe mode if you need to.

Reboot normally, and remember to let me know of any improvements if you see any.

#33 JKWong

Posted 25 June 2007 - 01:14 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:11:44 PM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DF41FD-DE82-45BC-B598-CCE9A0C91296}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

My internet connection still seems to disconnect now and then. I can't seem to get rid of the ?E?eXPAcAe±M•~ac and I removed the Symantec thing again (I hope). I couldn't find C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE in my computer, searching in normal and safe mode.

Edited by JKWong, 25 June 2007 - 06:05 PM.
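
The before/after comparison of HijackThis logs that this part of the thread does by eye can be scripted. The following is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical, and the sample lines are excerpts of the two logs posted on 24 June.

```python
import re

# Excerpts of the two HijackThis logs posted on 24 June 2007 in this thread
# (7:52 PM and 11:11 PM), trimmed to a few item lines for the example.
LOG_BEFORE = r"""
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

LOG_AFTER = r"""
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

# Item lines start with a section code (O2, O23, R1, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A path component in DOS 8.3 short form, e.g. \PROGRA~1 or \SERVIC~1.EXE
SHORT_RE = re.compile(r"\\[^\\\s~]{1,6}~\d")


def entry_key(section, body):
    """Identity of an entry: section, leading label and CLSID (if any).

    The CLSID keeps the two 'Extra button: (no name)' O9 lines apart; the
    publisher and path are left out so a change there shows up as 'changed'.
    """
    clsid = CLSID_RE.search(body)
    label = body.split(" - ", 1)[0]
    return (section, label, clsid.group(0).lower() if clsid else "")


def parse_log(text):
    """Map entry key -> list of item bodies; header and process lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, body = match.groups()
            entries.setdefault(entry_key(section, body), []).append(body)
    return entries


def diff_logs(before, after):
    """Return (removed, added, changed) entry keys between two logs."""
    old, new = parse_log(before), parse_log(after)
    removed = sorted(k for k in old if k not in new)
    added = sorted(k for k in new if k not in old)
    changed = sorted(k for k in old if k in new and old[k] != new[k])
    return removed, added, changed


def triage_flags(text):
    """List entries worth a manual look: missing target or 8.3 short path."""
    flags = []
    for (section, _label, _clsid), bodies in parse_log(text).items():
        for body in bodies:
            reasons = []
            if body.endswith("(file missing)"):
                reasons.append("file missing")
            if SHORT_RE.search(body):
                reasons.append("8.3 short path")
            if reasons:
                flags.append((section, body, reasons))
    return flags


if __name__ == "__main__":
    removed, added, changed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for title, keys in (("Removed", removed), ("Added", added), ("Changed", changed)):
        print(title + ":")
        for section, label, clsid in keys:
            print("  ", section, "-", label, clsid)
    print("Still worth checking in the later log:")
    for section, body, reasons in triage_flags(LOG_AFTER):
        print("  ", section, "-", body, "<-", ", ".join(reasons))
```

An 8.3 short path is only a prompt to resolve the long name and check the file's properties, not a sign of infection by itself.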


#34 iguagaby

Posted 25 June 2007 - 07:05 PM

The Symantec leftover is still there in your log, but don't worry about it for now.

Please download the latest version of RootKitRevealer from here:
http://filehippo.com...otkit_revealer/
There's no installation process; simply unzip the files to the desktop, turn off all other programs, open RootkitRevealer.exe, click the Scan button in the lower left corner of the application's window, and sit back, put down the mouse, and let the program do its work. This will generate a log file; please post the entire contents of the log file here for me to see.

#35 JKWong

Posted 25 June 2007 - 08:31 PM

HKU\.DEFAULT\Control Panel\International 6/21/2007 8:28 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 6/21/2007 8:28 PM 0 bytes Security mismatch.
HKU\S-1-5-21-3581479435-965929664-111260471-1008\Control Panel\International 6/21/2007 8:28 PM 0 bytes Security mismatch.
HKU\S-1-5-21-3581479435-965929664-111260471-1008\Control Panel\International\Geo 6/21/2007 8:28 PM 0 bytes Security mismatch.
HKU\S-1-5-21-3581479435-965929664-111260471-1008\Software\F-Secure\Anti-Spyware\time 6/25/2007 5:41 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-3581479435-965929664-111260471-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Wbanguna\Erprag\ubg jbzra svatrevat urefrys.... ahqr frk ch 6/25/2007 5:41 PM 16 bytes Hidden from Windows API.
HKU\S-1-5-18\Control Panel\International 6/21/2007 8:28 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 6/21/2007 8:28 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 10/6/2003 12:46 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10/6/2003 12:46 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Hewlett-Packard\HP Software Update\enumDone 4/15/2007 6:07 PM 3 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 10/18/2006 5:19 PM 0 bytes Access is denied.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\08\208-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v208-{F 11/6/2006 10:09 PM 112 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\09\109-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v109-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\09\109-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v109-{F 11/6/2006 10:04 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\09\209-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v209-{F 11/6/2006 10:09 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\10\110-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v110-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\10\110-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v110-{F 11/6/2006 10:04 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\10\210-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v210-{F 11/6/2006 10:09 PM 96 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\11\111-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v111-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\11\111-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v111-{F 11/6/2006 10:04 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\11\211-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v211-{F 11/6/2006 10:09 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\12\112-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v112-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\12\112-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v112-{F 11/6/2006 10:04 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\12\212-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v212-{F 11/6/2006 10:09 PM 96 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\13\113-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v113-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\14\114-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v114-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\14\114-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v114-{F 11/6/2006 10:04 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\14\214-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v214-{F 11/6/2006 10:09 PM 72 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\15\115-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v115-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\15\115-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v115-{F 11/6/2006 10:04 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\15\215-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v215-{F 11/6/2006 10:10 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\16\116-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v116-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\16\116-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v116-{F 11/6/2006 10:04 PM 104 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\16\216-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v216-{F 11/6/2006 10:10 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\17\117-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v117-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\17\117-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v117-{F 11/6/2006 10:04 PM 104 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\17\217-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v217-{F 11/6/2006 10:10 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\18\118-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v118-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\18\218-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v218-{F 11/6/2006 10:10 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\19\119-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v119-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\19\119-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v119-{F 11/6/2006 10:04 PM 112 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\120-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v120-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\120-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v120-{F 11/6/2006 10:04 PM 96 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\220-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v220-{F 11/6/2006 10:10 PM 136 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\20\320-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v320-{F 11/11/2006 4:16 PM 392 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\21\121-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v121-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\21\221-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v221-{F 11/6/2006 10:10 PM 104 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\21\321-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v321-{F 11/11/2006 4:16 PM 2.00 KB Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\22\122-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v122-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\22\122-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v122-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\22\222-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v222-{F 11/6/2006 10:10 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\23\123-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v123-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\23\123-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v123-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\23\223-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v223-{F 11/6/2006 10:10 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\24\124-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v124-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\24\124-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v124-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\25\125-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v125-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\25\125-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v125-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\26\126-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v126-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\26\126-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v126-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\27\127-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v127-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\27\127-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v127-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\28\128-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v128-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\28\128-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v128-{F 11/6/2006 10:05 PM 104 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\29\129-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v129-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\29\129-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v129-{F 11/6/2006 10:05 PM 168 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\30\130-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v130-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\30\130-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v130-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\31\131-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v131-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\31\131-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v131-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\32\132-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v132-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\32\132-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v132-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\32\332-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v332-{F 11/12/2006 9:41 PM 160 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\33\133-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v133-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\33\133-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v133-{F 11/6/2006 10:05 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\34\134-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v134-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\34\134-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v134-{F 11/6/2006 10:05 PM 104 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\34\334-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v334-{F 11/12/2006 9:42 PM 1.90 KB Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\35\135-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v135-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\35\135-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v135-{F 11/6/2006 10:05 PM 104 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\36\136-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v136-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\36\136-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v136-{F 11/6/2006 10:05 PM 96 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\37\137-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v137-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\37\137-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v137-{F 11/6/2006 10:05 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\38\138-{6AD007D1-D0C2-49C0-A981-C12E7B85D08E}-v138-{6 10/17/2006 7:36 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\38\138-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v138-{F 11/6/2006 10:05 PM 112 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\39\139-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v139-{F 11/6/2006 10:06 PM 96 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\40\140-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v140-{F 11/6/2006 10:06 PM 120 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\41\141-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v141-{F 11/6/2006 10:06 PM 120 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\42\142-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v142-{F 11/6/2006 10:06 PM 112 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\43\143-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v143-{F 11/6/2006 10:06 PM 120 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\43\43-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v43-{F6E 10/12/2006 8:47 PM 232 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\44\144-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v144-{F 11/6/2006 10:06 PM 224 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\45\145-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v145-{F 11/6/2006 10:06 PM 96 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\45\45-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v45-{F6E 10/12/2006 8:48 PM 960 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\47\147-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v147-{F 11/6/2006 10:06 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\47\47-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v47-{F6E 10/12/2006 8:48 PM 776 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\48\148-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v148-{F 11/6/2006 10:06 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\48\48-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v48-{F6E 10/12/2006 8:48 PM 1008 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\49\149-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v149-{F 11/6/2006 10:06 PM 88 bytes Hidden from Windows API.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\SharingMetadata\jamessosailee@hotmail.com\DFSR\Staging\CS{C510B5BD-2C76-5A95-60D0-DE037F4B6668}\52\152-{F6E0E1BD-8460-4724-BABD-E9ED7839C687}-v152-{F 11/6/2006 10:06 PM 80 bytes Hidden from Windows API.

#36 iguagaby

Posted 25 June 2007 - 11:04 PM

I can't see anything to worry about there.

Download Blacklight from this website:
http://www.f-secure.com/blacklight/
Save it to your desktop and double click on the file.

Make sure you close everything else, and then have it scan your computer, but do not try to fix or delete anything identified by the tool; it may list legitimate programs.

If the scan does find anything then copy and paste the log back to this thread. The log should be on your desktop or root directory (C:\). This is the format for the log file name:
fsbl-<date-and-time>.log

If you have any trouble finding it do a search for fsbl*.log.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#37 JKWong

Posted 26 June 2007 - 03:35 PM

I'm not sure if this is the log file, but it appeared on my desktop after the scan.

06/25/07 23:06:24 [Info]: BlackLight Engine 1.0.64 initialized
06/25/07 23:06:24 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/25/07 23:06:25 [Note]: 7019 4
06/25/07 23:06:25 [Note]: 7005 0
06/25/07 23:06:30 [Note]: 7006 0
06/25/07 23:06:30 [Note]: 7011 6256
06/25/07 23:06:34 [Note]: 7026 0
06/25/07 23:06:34 [Note]: 7026 0
06/25/07 23:06:54 [Note]: FSRAW library version 1.7.1022
06/26/07 00:49:33 [Note]: 7007 0

#38 iguagaby

Posted 26 June 2007 - 11:31 PM

I don’t see anything there either. Let’s see if CCleaner can help us uninstall that weird entry in your Add/Remove programs. You can download the latest version here:
http://www.filehippo...d_ccleaner.html

Install it, but do not install Yahoo Toolbar that comes with it!

Open it
On the left, click on the Tools button.
There you'll see all the Add/Remove listings on the right side.
Highlight ?E?eXPAcAe±M•~ac to remove it, and select the Run uninstaller button.
If this doesn't work, try again with the Delete entry button.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#39 JKWong

Posted 26 June 2007 - 11:38 PM

I couldn't find ?E?eXPAcAe±M•~ac in the list.

#40 iguagaby

Posted 27 June 2007 - 10:24 AM

But you still see it with HJT, correct?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#41 JKWong

Posted 27 June 2007 - 01:40 PM

Yes I can still see it in HJT.

Here is the uninstall list in CCleaner

1300Tour
1300Trb
1300_Help
1300
Ad-Aware SE Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
AdobeR PhotoshopR Album Starter Edition 3.2
Ahead Nero BurnRights
AIOMinimal
AiOSoftware
AiO_Scan
ANWIDA Soft GEQ15P 1.0
Apple Software Update
AVG Anti-Spyware 7.5
CCleaner (remove only)
Chinese (Traditional) Language Support
Copy
CreativeProjects
Director
DivX Web Player
DocProc
DoMore
DVD
EAX™ Unified (SHELL)
Fax
Gateway Ink Monitor
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iPod for Windows 2005-09-23
iTunes
Logitech SetPoint
Macromedia Flash Player 8
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Learning and Research Plus Support Files
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 7.0
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Works 7.0
Mozilla Firefox (2.0.0.4)
MSN Internet Software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MUSICMATCH?Jukebox
Nero OEM
Ofoto Easy Upload ActiveX Control
PC-Doctor for Windows
PhotoGallery
PrintScreen
Q9 XP Big5 Pro
QFolder
QuickProjects
QuickTime
Readme
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shaw Secure
Shockwave
SkinsHP1
SkinsHP2
Spybot - Search & Destroy 1.4
TI Connect 1.6
TrayApp
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
URGE
USB2.0 PC Camera (SN9C201&202)
Ventrilo Client
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar
九方XP繁體專業版


And here is the list in HJT.

?E?eXPAcAe±M·~ac
Ad-Aware SE Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Ahead Nero BurnRights
Apple Software Update
AVG Anti-Spyware 7.5
CCleaner (remove only)
Chinese (Traditional) Language Support
DivX Web Player
DoMore
DVD
EAX™ Unified (SHELL)
Gateway Ink Monitor
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iPod for Windows 2005-09-23
iTunes
Logitech SetPoint
Macromedia Flash Player 8
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 7.0
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Works 7.0
Mozilla Firefox (2.0.0.4)
MSN Internet Software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MUSICMATCH?Jukebox
Nero OEM
Ofoto Easy Upload ActiveX Control
overland
PC-Doctor for Windows
Q9 XP Big5 Pro
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shaw Secure
Shockwave
Spybot - Search & Destroy 1.4
TI Connect 1.6
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
URGE
USB2.0 PC Camera (SN9C201&202)
Ventrilo Client
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar

#42 iguagaby

Posted 27 June 2007 - 07:07 PM

They both show a weird entry, CCleaner at the bottom and HJT at the beginning. Did you try to uninstall or delete the weird one in CCleaner?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#43 JKWong

Posted 27 June 2007 - 08:31 PM

九方XP繁體專業版 is a program that allows Chinese characters to be typed on a computer. (Or so I think)

#44 iguagaby

Posted 27 June 2007 - 10:55 PM

Interesting!!! I have never seen that kind of entry before, but I think you’re right. It seems to belong to some kind of Chinese software.

Let’s see if you can find the other weird entry in this registry key. Go to Start/Run, type in regedit and press OK,
then follow the path of the next registry key…

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

and check to see if you can find the ?E?eXPAcAe±M•~ac entry there.

Don’t do anything else, just tell me if you see it.

Edited by iguagaby, 27 June 2007 - 10:59 PM.

THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#45 JKWong

Posted 27 June 2007 - 11:10 PM

Nope, sorry. I couldn't find that using regedit.

#46 iguagaby

Posted 27 June 2007 - 11:46 PM

Did you find the uninstall key?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#47 JKWong

Posted 28 June 2007 - 11:42 AM

I'm not sure about what you mean by "uninstall key". The path HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall works but I just cannot find the entry ?E?eXPAcAe±M•~ac.

#48 iguagaby

Posted 28 June 2007 - 11:09 PM

That is totally crazy!!!! It shows in HJT Add/Remove list, but not in the uninstall registry key. That could mean that it doesn't have an uninstaller. Let's try the following:

Sometimes spyware does change files in the system. If the Winsock Keys are affected it creates problems. Just in case, let’s try rebuilding your Winsock keys by running WinsockFix here:

http://www.snapfiles...nsockxpfix.html

See if that helps, and let me know.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!


#49 JKWong

Posted 29 June 2007 - 12:49 AM

Still couldn't find the file. =/

#50 iguagaby

Posted 29 June 2007 - 05:04 PM

That program was only meant to try to fix the internet connection resetting problem. If it didn't help, let me know, and then I can think of something else to find that file again. I'm wondering if it's the same file for the Chinese software, but HJT reads it differently than CCleaner. That could be a possibility, but still it's kind of weird that we can't find it.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!
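
The possibility raised in post #50, that HJT and CCleaner are showing the same Chinese-named entry in two different ways, can be checked offline. This is an added example, not part of the original thread: the function names, the candidate encoding list and the Western (cp1252) display code page are assumptions, and the two strings are copied from the lists in post #41.

```python
import unicodedata

# Copied from post #41: the last entry in the CCleaner list and the
# first entry in the HJT list.
CCLEANER_ENTRY = "九方XP繁體專業版"
HJT_ENTRY = "?E?eXPAcAe±M·~ac"


def mojibake(text, stored_as="big5", shown_as="cp1252"):
    """Return how `text` looks when its `stored_as` bytes are read as `shown_as`."""
    return text.encode(stored_as).decode(shown_as, errors="replace")


def ascii_skeleton(text):
    """Strip accents; turn every character with no ASCII base letter into '?'."""
    out = []
    for ch in text:
        base = unicodedata.normalize("NFKD", ch)[0]
        out.append(base if base.isascii() and base.isprintable() else "?")
    return "".join(out)


def same_entry(candidate, observed, encodings=("big5", "gbk", "shift_jis")):
    """Find a legacy encoding under which `candidate` garbles into `observed`.

    '?' on either side is a wildcard, because a tool that cannot display a
    character substitutes something for it. Returns
    (encoding, garbled_text, exact_matches) for the first fit, else None.
    """
    want = ascii_skeleton(observed)
    for enc in encodings:
        try:
            garbled = mojibake(candidate, stored_as=enc)
        except UnicodeEncodeError:
            continue  # candidate cannot be written in this encoding at all
        got = ascii_skeleton(garbled)
        if len(got) != len(want):
            continue
        pairs = list(zip(got, want))
        if all(a == b or "?" in (a, b) for a, b in pairs):
            exact = sum(a == b != "?" for a, b in pairs)
            return enc, garbled, exact
    return None


if __name__ == "__main__":
    hit = same_entry(CCLEANER_ENTRY, HJT_ENTRY)
    if hit:
        enc, garbled, exact = hit
        print(f"{CCLEANER_ENTRY!r} stored as {enc} and shown as cp1252 is {garbled!r}")
        print(f"{exact} of {len(HJT_ENTRY)} characters agree exactly with the HJT entry")
    else:
        print("no candidate encoding explains the HJT entry")
```

Under these assumptions the Big5 bytes of the CCleaner entry line up with the HJT entry in every position, which points to one entry displayed two ways rather than a second, hidden program.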
