Tech Support Forum banner
Status
Not open for further replies.

Hijacker just won't die! HJTAnalyzer Log attached

1K views 7 replies 2 participants last post by  greyknight17 
#1 ·
Here's my HJT Analyzer log. What should I do?

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\mps\mscifapp.exe
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:40:36 PM, on 3/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUMENTS AND SETTINGS\NATHAN\DESKTOP\HijackThis.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EF6914-A514-4761-A3BE-DA76657099BD}: NameServer = 194.134.5.5 194.134.5.55
O18 - Protocol: bw+0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 
See less See more
#2 ·
What problems are you having now?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\Program Files\Spyware Nuker 2004\swn2.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Spyware Nuker 2004

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Program Files\Spyware Nuker 2004\

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
 
#3 ·
Yeah.

Just about every time (or is it every time) I start up my computer I have this annoying "Shop at home select" hijacker. I run Spyware Nuker to get rid of it. It shows up a bunch of times in my reg. It seems gone, but then it is back in the reg when I restart my computer. What's the deal with that?

Nathan

BTW. Thanks for the website. I've downloaded a lot of the anti-spyware software that you have linked.
 
#4 ·
OK, not sure if you did this already, but if you didn't run Ad-aware, Spybot and CWShredder:

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
 
#5 ·
OK. Here's the StartDreck log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

StartDreck (build 2.1.7 public stable) - 2005-03-11 @ 18:13:34 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Nathan at D2490D61

»Registry
»Run Keys
»Current User
»Run
*DellSupport="C:\Program Files\Dell Support\DSAgnt.exe" /startup
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
*LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*IgfxTray=C:\WINDOWS\system32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
*IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
*PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
*UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
*MMTray=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
*VSOCheckTask="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*VirusScan Online="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
*MPFExe=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
*Dell Photo AIO Printer 922="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
*LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
*LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
*LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
*mmtask=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
*SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
*MPSExe=c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
*MSKAGENTEXE=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
*MSKDetectorExe=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
*Spyware Nuker=C:\Program Files\Spyware Nuker 2004\swn2.exe /h
*msnappau="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*McBrHlpr.McBrwHelper.1/{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
`InprocServer32=c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
*McAfee.PopupKiller.1/{3EC8255F-E043-4cae-8B3B-B191550C2A22}
`InprocServer32=c:\program files\mcafee.com\mps\popupkiller.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890}
`InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll
*ST/{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
`InprocServer32=C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
*MSNToolBandBHO/{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
`InprocServer32=C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
»Internet Explorer
»Current User
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*First Home Page=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+SearchUrl
*provider=
»Default User
*Default_Page_URL=http://www.dell4me.com/myway
*First Home Page=http://www.dell4me.com/myway
*Start Page=http://www.dell4me.com/myway
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Nathan\Start Menu\Programs\Startup\DESKTOP.INI
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\DESKTOP.INI
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`C:\WINDOWS\system32\dsktrf.dll=C:\DOCUME~1\Nathan\LOCALS~1\Temp\WIN20.tmp
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\NOTEPAD.EXE
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+556=\SystemRoot\System32\smss.exe
+632=\??\C:\WINDOWS\system32\csrss.exe
+656=\??\C:\WINDOWS\system32\winlogon.exe
+700=C:\WINDOWS\system32\services.exe
+712=C:\WINDOWS\system32\lsass.exe
+884=C:\WINDOWS\system32\svchost.exe
+964=C:\WINDOWS\system32\svchost.exe
+1116=C:\WINDOWS\System32\svchost.exe
+1160=C:\WINDOWS\system32\svchost.exe
+1348=C:\WINDOWS\system32\svchost.exe
+1632=C:\WINDOWS\system32\spoolsv.exe
+2736=c:\PROGRA~1\mcafee.com\vso\mcshield.exe
+2764=c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
+2876=C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
+3148=C:\WINDOWS\system32\svchost.exe
+3188=C:\WINDOWS\system32\wdfmgr.exe
+2148=C:\WINDOWS\System32\alg.exe
+1204=C:\WINDOWS\Explorer.EXE
+1004=C:\WINDOWS\system32\hkcmd.exe
+380=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
+352=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
+208=C:\Program Files\Dell\Media Experience\PCMService.exe
+3624=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
+1812=C:\PROGRA~1\mcafee.com\agent\mcagent.exe
+600=C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
+1916=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
+2108=c:\progra~1\mcafee.com\vso\mcvsescn.exe
+1940=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
+1472=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
+3004=C:\WINDOWS\system32\LVCOMSX.EXE
+1596=C:\Program Files\Logitech\Video\LogiTray.exe
+2444=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
+304=C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
+2452=C:\Program Files\Analog Devices\Core\smax4pnp.exe
+384=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
+2488=C:\Program Files\Spyware Nuker 2004\swn2.exe
+1152=C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
+1292=C:\WINDOWS\system32\dla\tfswctrl.exe
+1064=C:\Program Files\Dell Support\DSAgnt.exe
+2544=C:\Program Files\MSN Messenger\MsnMsgr.Exe
+3816=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
+1388=C:\Program Files\Logitech\Video\FxSvr2.exe
+1996=c:\progra~1\mcafee.com\vso\mcvsftsn.exe
+2568=C:\Program Files\Messenger\msmsgs.exe
+176=c:\program files\mcafee.com\mps\mscifapp.exe
+3872=C:\Windows\System32\Notepad.exe
+3588=C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
+1544=C:\Program Files\Mozilla Firefox\firefox.exe
+2860=C:\Program Files\Microsoft Office\Office\WINWORD.EXE
+3324=C:\Program Files\Microsoft Office\Office\EXCEL.EXE
+1296=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmjb.exe
+3724=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
+4004=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_director.exe
+1728=C:\PROGRA~1\MUSICM~1\MUSICM~3\MM_TDM~1.EXE
+1864=C:\Program Files\StartDreck\StartDreck\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
 
#6 ·
Download AboutBuster and unzip it to a folder on your the Desktop. Run AboutBuster and follow the prompts to scan (choose Yes/OK for all). It will ask you if you want a second scan, choose Yes. Save the log file and post it here.

Go to C:\WINDOWS\ and double click on wininit.ini to open it. Delete all the lines in that file. Save it and close it.

Delete this file -> C:\WINDOWS\system32\dsktrf.dll

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Restart and post a new HijackThis log.

Any problems now?
 
#7 ·
Hey. Thanks for helping. Only I still have that pesky adware on my computer. I've done everything in your e-mail.

The situation is that I have this program called "Spyware Nuker". I ran it and it found this hijacker caller "Shop at home select." It seems to get into a lot of running programs and stuff. I've attached the Spyware Nuker for you to see it.

After having Spyware Nuker delete the Hijacker, I've then run CleanUp and Spybot and Ad-Aware and Shredder. When I restart my computer the "Shop at home select" is back. I deleted it again with I've attaced the Log of the HJT Analyzer here.

I am also the person who left a message saying that I've been getting about 1000 attempts a day on my Firewall. What's up with that.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 5:41:19 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Nathan\Desktop\AboutBuster\AboutBuster\AboutBuster.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EF6914-A514-4761-A3BE-DA76657099BD}: NameServer = 194.134.5.5 194.134.5.55
O18 - Protocol: bw+0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {02376D48-AF3A-46A6-8435-59C03B15D39F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================


Here's The Spyware Nuker Logfile


Version: 3.3.16.1
Definition Database Date: 2/25/2005 02:09:35 PM
OS version: Windows XP 5.1.2600 [Service Pack 2]
Web Browser Version: IE:6.0.2900.2180;
Date/Time: 03/13/2005 17:15:57

Shop At Home Select - Hijacker 698 Shop At Home Select is a Winsock2 Layered Service Provider that redirects visits to merchant sites in order to take the affiliate fees.
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Running Process 7432 MSKSrvr.exe (ID 2856): mclsp.dll
Running Process 7432 MPFSERVICE.exe (ID 2808): mclsp.dll
Running Process 7432 LogitechDesktopMessenger.exe (ID 320): mclsp.dll
Running Process 7432 MsnMsgr.Exe (ID 312): mclsp.dll
Running Process 7432 DSAgnt.exe (ID 236): mclsp.dll
Running Process 7432 PCMService.exe (ID 1740): mclsp.dll
Running Process 7432 spoolsv.exe (ID 1624): mclsp.dll
Running Process 7432 svchost.exe (ID 1112): mclsp.dll
Running Process 7432 lsass.exe (ID 712): mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
File 7432 C:\WINDOWS\system32\mclsp.dll
Registry Key 7432 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000035
File 7432 C:\WINDOWS\system32\mclsp.dll
 
#8 ·
Go to C:\WINDOWS\ and open up wininit.ini. Delete all the lines in that file. Save it and close it.

I don't like SpywareNuker that much since it’s rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. If you still want to keep it, it's your choice.

Not sure if it's reporting a false-positive, but are any other programs detecting this? Use Ad-aware, Spybot and Microsoft Antispyware. All free. Update and run a full system scan. Make sure system restore is still off.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top