Logfile of HijackThis v1.99.1
Scan saved at 23:06:23, on 23-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LANDesk\System Manager\BIN\ssm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LANDesk\System Manager\BIN\modemview.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\LANDesk\System Manager\bin\usm.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WS_FTP Pro\ftpqueue.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Portrait Displays\forteManager\dthtml.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\LANDesk\System Manager\BIN\lsmmonitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bjarke Buus\Desktop\hjt\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [System Manager] C:\Program Files\LANDesk\System Manager\bin\usm.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ftpqueue] C:\Program Files\WS_FTP Pro\ftpqueue.exe -tray
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: forteManager.lnk = C:\Program Files\Portrait Displays\forteManager\dthtml.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNO8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} -
http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} -
http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136128496093O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{12CEDDC7-429C-4479-ACC0-7CA6E3D58617}: NameServer = 62.61.130.1,62.61.131.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12CEDDC7-429C-4479-ACC0-7CA6E3D58617}: NameServer = 62.61.130.1,62.61.131.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12CEDDC7-429C-4479-ACC0-7CA6E3D58617}: NameServer = 62.61.130.1,62.61.131.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{12CEDDC7-429C-4479-ACC0-7CA6E3D58617}: NameServer = 62.61.130.1,62.61.131.1
O18 - Protocol: bw+0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7A45F2AE-DB17-4843-809F-C5CA5D4B4BE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Symantec Event Manager service (lolieaae) - Unknown owner - C:\WINDOWS\system32\lolieaae.exe (file missing)
O23 - Service: LANDesk(R) System Manager System Space Manager (LSM_SSM) - LANDesk® Software Ltd. - C:\Program Files\LANDesk\System Manager\BIN\ssm.exe
O23 - Service: LANDesk Message Handler Service (ModemView) - LANDesk® Software Ltd. - C:\Program Files\LANDesk\System Manager\BIN\modemview.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: 23-01-2006
The current time is: 20:39:51,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Install.dat
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
desktop.html
~~~ Drive root ~~~
winstall.exe
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 784 'explorer.exe'
Killing PID 784 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:00:58, 23-01-2006
+ Report-Checksum: 9B873B0E
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Ignored
HKU\S-1-5-21-854245398-507921405-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Ignored
HKU\S-1-5-21-854245398-507921405-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Ignored
HKU\S-1-5-21-854245398-507921405-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Ignored
HKU\S-1-5-21-854245398-507921405-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Ignored
HKU\S-1-5-21-854245398-507921405-682003330-1003\Software\SoftActivity -> Spyware.ActivityLogger : Ignored
HKU\S-1-5-21-854245398-507921405-682003330-1003\Software\SoftActivity\Activity Logger -> Spyware.ActivityLogger : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@adtech[2].txt -> Spyware.Cookie.Adtech : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@ehg-cafepress.hitbox[1].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@ehg-edgebe.hitbox[2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@ehg-nokiafin.hitbox[2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@fastclick[1].txt -> Spyware.Cookie.Fastclick : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@hitbox[2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@revenue[2].txt -> Spyware.Cookie.Revenue : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@statcounter[1].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@valueclick[1].txt -> Spyware.Cookie.Valueclick : Ignored
C:\Documents and Settings\Bjarke Buus\Cookies\bjarke buus@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Ignored
C:\Documents and Settings\Bjarke Buus\Desktop\SmileyCentralPFSetup2.0.4.2.exe -> Spyware.MyWebSearch : Ignored
C:\Documents and Settings\Bjarke Buus\Desktop\SmileyCentralPFSetup2.0.4.2.rar/SmileyCentralPFSetup2.0.4.2.exe -> Spyware.MyWebSearch : Ignored
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL -> Spyware.FunWeb : Ignored
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL -> Adware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE -> Spyware.Wesbar : Ignored
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\c3REStub.Dll -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL -> Spyware.FunWeb : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL -> Spyware.Wesbar : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL -> Adware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL -> Adware.IWon : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL -> Adware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> Spyware.Wesbar : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL -> Spyware.MyWebSearch : Ignored
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL -> Adware.MyWebSearch : Ignored
C:\Program Files\PC Acme\control.exe -> Not-A-Virus.Monitor.PCAcme.64 : Ignored
C:\WINDOWS\system32\exeuouox.sys -> Not-A-Virus.Monitor.PCAcme.61 : Ignored
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Ignored
C:\WINDOWS\system32\lolieaae.dll -> Not-A-Virus.Monitor.PCAcme.61 : Ignored
C:\WINDOWS\system32\lolieaae.exe -> Not-A-Virus.Monitor.Win32.PCAcme.61 : Ignored
::Report End