Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

constant pop-ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

constant pop-ups

Unread postby ryder720 » May 13th, 2006, 4:06 pm

hey thanks for helpin me fix my other computer this is my other one and the computer has constant pop-ups and is very slow. There are also programs such as registry cleaner that you cannot get rid of. i was wondering if any1 could help here is my hijackthis log




Logfile of HijackThis v1.99.1
Scan saved at 1:05:46 PM, on 13/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\System32\rundll32.exe
C:\windows\ms0557190-3234.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\ctfmon.exe
C:\DOCUME~1\lloyd\MYDOCU~1\MBOLS~1\mmc.exe
C:\WINDOWS\?ppPatch\nslookup.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409 ... sp?Ext=rar
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,ClientStartup -s
O4 - HKLM\..\Run: [rhtzfhuA] C:\windows\rhtzfhuA.exe
O4 - HKLM\..\Run: [ms0557190-3234] C:\windows\ms0557190-3234.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - HKCU\..\Run: [Smob] "C:\DOCUME~1\lloyd\MYDOCU~1\MBOLS~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Twpu] C:\WINDOWS\?ppPatch\nslookup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - http://accpac.plus.ca/crm/Plugin/eWarePluginX.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5f ... xIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: bw+0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Hints - C:\windows\system32\r06u0aj9edo.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\windows\rhtzfhu.exe (file missing)
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city
Advertisement
Register to Remove

Unread postby 'KotaGuy » May 13th, 2006, 4:37 pm

Hi ryder!

Run HJT... click the Misc Tools button. Click the Uninstall Manager button. Then click the Save List button. Save the list to your desktop please.

Download L2mfix from here or here.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and the Uninstall List and paste them into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ryder720 » May 13th, 2006, 5:26 pm

hi and thanks here are the 2 things you asked for Uninstall List


Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 7.0
Azureus
ccCommon
Command
DirectX 9 Hotfix - KB839643
DivX
DivX Player
HijackThis 1.99.1
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.9.30
LiveUpdate 2.7 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional
MSN Messenger 7.5
NAVShortcut
Nero
Network Monitor
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
SPBBC
Symantec
Themexp.org File
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4a
webHancer Customer Companion
WinAce Archiver 2.0
Winamp (remove only)
WinAVI VideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows Overlay Components
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec



and the l2mfix log




L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\windows\\system32\\r06u0aj9edo.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B1E234E8-3010-78F8-18BC-F17F853BA120}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.2 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.2 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.2 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.2 Property Sheet Shell Extension"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{C0904DDD-3166-4842-9188-61A346FA0C46}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}\InprocServer32]
@="C:\\windows\\system32\\msd32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
dxtrans.dll Fri 2006-02-24 14:24:10 A.... 192 512 188,00 K
iepeers.dll Fri 2006-02-24 14:24:42 A.... 236 032 230,50 K
inetcomm.dll Mon 2006-02-27 13:31:54 A.... 596 480 582,50 K
inetres.dll Mon 2006-02-27 13:31:50 A.... 47 616 46,50 K
msdtcprx.dll Wed 2006-03-01 12:44:40 A.... 368 640 360,00 K
msdtctm.dll Wed 2006-03-01 12:44:40 A.... 974 336 951,50 K
msdtcuiu.dll Wed 2006-03-01 12:44:40 A.... 150 528 147,00 K
mshtml.dll Wed 2006-03-22 17:35:42 A.... 2 702 336 2,57 M
msident.dll Mon 2006-02-27 13:29:32 A.... 44 032 43,00 K
msoeacct.dll Mon 2006-02-27 13:31:40 A.... 229 376 224,00 K
msoert2.dll Mon 2006-02-27 13:31:36 A.... 91 136 89,00 K
mstime.dll Fri 2006-03-03 15:13:30 A.... 498 176 486,50 K
mtxclu.dll Wed 2006-03-01 12:44:40 A.... 64 512 63,00 K
mtxoci.dll Wed 2006-03-01 12:44:40 A.... 83 456 81,50 K
rewire.dll Mon 2006-03-27 17:59:06 A.... 225 280 220,00 K
rexsha~1.dll Mon 2006-03-27 17:59:06 A.... 233 472 228,00 K
s32evnt1.dll Tue 2006-02-14 13:05:08 A.... 87 808 85,75 K
shdocvw.dll Tue 2006-03-21 15:14:12 A.... 1 339 392 1,28 M
shell32.dll Thu 2006-03-16 22:04:14 A.... 8 351 232 7,96 M
symneti.dll Wed 2006-02-15 18:26:14 A.... 534 208 521,69 K
symredir.dll Wed 2006-02-15 18:26:14 A.... 161 472 157,69 K
urlmon.dll Thu 2006-03-02 15:57:48 A.... 461 312 450,50 K
wininet.dll Fri 2006-02-24 14:26:08 A.... 575 488 562,00 K
wmp.dll Fri 2006-03-10 6:09:14 A.... 5 533 696 5,28 M
xolehlp.dll Wed 2006-03-01 12:44:40 A.... 11 776 11,50 K
xpsp2res.dll Tue 2006-03-21 18:28:50 A.... 594 944 581,00 K

26 items found: 26 files, 0 directories.
Total of file sizes: 24 389 248 bytes 23,26 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is Win_XP_Home
Volume Serial Number is ECB8-6F5A

Directory of C:\windows\System32

12/05/2006 03:16 PM <DIR> dllcache
26/08/2003 07:14 AM <DIR> Microsoft
07/03/2003 05:20 PM 5,632 Thumbs.db
1 File(s) 5,632 bytes
2 Dir(s) 16,004,059,136 bytes free
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city

Unread postby 'KotaGuy » May 13th, 2006, 5:59 pm

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ryder720 » May 13th, 2006, 6:46 pm

ok thanks here is the new hijack this log



Logfile of HijackThis v1.99.1
Scan saved at 3:45:40 PM, on 13/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\System32\rundll32.exe
C:\windows\ms0557190-3234.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\ctfmon.exe
C:\DOCUME~1\lloyd\MYDOCU~1\MBOLS~1\mmc.exe
C:\WINDOWS\?ppPatch\nslookup.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409 ... sp?Ext=rar
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,ClientStartup -s
O4 - HKLM\..\Run: [rhtzfhuA] C:\windows\rhtzfhuA.exe
O4 - HKLM\..\Run: [ms0557190-3234] C:\windows\ms0557190-3234.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - HKCU\..\Run: [Smob] "C:\DOCUME~1\lloyd\MYDOCU~1\MBOLS~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Twpu] C:\WINDOWS\?ppPatch\nslookup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - http://accpac.plus.ca/crm/Plugin/eWarePluginX.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5f ... xIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: bw+0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Hints - C:\windows\system32\r06u0aj9edo.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\windows\rhtzfhu.exe (file missing)

and also the l2mfix log



L2mfix 051206
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (484)
Killing 'winlogon.exe'
winlogon.exe (564)
Killing 'explorer.exe'
C:\windows\Explorer.EXE (1740)
Killing 'rundll32.exe'
"C:\windows\System32\rundll32.exe" C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,ClientStartup -s (1404)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\windows\\system32\\r06u0aj9edo.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}\InprocServer32]
@="C:\\windows\\system32\\msd32.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{C0904DDD-3166-4842-9188-61A346FA0C46}"=-
[-HKEY_CLASSES_ROOT\CLSID\{C0904DDD-3166-4842-9188-61A346FA0C46}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/C0904DDD-3166-4842-9188-61A346FA0C46.reg (188 bytes security) (deflated 71%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city

Unread postby 'KotaGuy » May 13th, 2006, 9:30 pm

Thanks for posting the logs.

Download and run the PurityScan Uninstaller.

Go to this site and follow Procedure 4 to remove New.Net.

Press Ctrl+Alt+delete to bring up the Task Manager. End Task the following:

whagent.exe
whsurvey.exe


Click Start>Run and type in appwiz.cpl and hit enter. From the list uninstall:

J2SE Runtime Environment 5.0 Update 3
Network Monitor
Themexp.org File
webHancer Customer Companion
Windows Overlay Components


Reboot and post a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ryder720 » May 13th, 2006, 10:55 pm

ok i did that all but it would not let me remove network monitor it says can not find script file C:\windows\uninstall_nmon.vbs
but other than that everthing else worked here is the new hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 7:51:26 PM, on 13/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\ms0557190-3234.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\hjt\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409 ... sp?Ext=rar
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [rhtzfhuA] C:\windows\rhtzfhuA.exe
O4 - HKLM\..\Run: [ms0557190-3234] C:\windows\ms0557190-3234.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - http://accpac.plus.ca/crm/Plugin/eWarePluginX.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5f ... xIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: bw+0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Hints - C:\windows\system32\r06u0aj9edo.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\windows\rhtzfhu.exe (file missing)
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city

Unread postby 'KotaGuy » May 13th, 2006, 11:36 pm

Thanks for posting the log... looking better :)

ok i did that all but it would not let me remove network monitor it says can not find script file C:\windows\uninstall_nmon.vbs


S'ok... we'll deal with that in a bit.

Going to give you a bit to take care of now. Please print this out for reference as for part of it you won't be able to go online.

Download and install CCleaner. You don't need to install the Yahoo Toolbar. Don't run the program yet.

Download and install the Ewido Anti-Malware trial. Don't install the Ewido Guard(its Real Time Protection). Update the program but don't scan with it yet.

Bring up the Task Manager and End Task:

ms0557190-3234.exe

Run and scan with HijackThis. With all Browsers and windows closed, place a check beside the following and fix:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409 ... sp?Ext=rar
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [rhtzfhuA] C:\windows\rhtzfhuA.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - http://accpac.plus.ca/crm/Plugin/eWarePluginX.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5f ... xIE601.cab
O20 - Winlogon Notify: Hints - C:\windows\system32\r06u0aj9edo.dll (file missing)
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\windows\rhtzfhu.exe (file missing)


Click the Config button in HJT. Click the Misc Tools button. Click the Uninstall Manager button. Hilite Network Monitor and click the Delete this entry button.

Then click the Back button. Click the Delete an NT Service button. In the text field type in SpywareCleanerService and click OK. Do the same thing for Windows Overlay Components.

Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Make sure no files will be hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Search for and delete the following folders:

C:\Program Files\webHancer
C:\Program Files\NewDotNet
C:\Program Files\PartyPoker
C:\Program Files\Spyware Cleaner
C:\Program Files\Registry Cleaner
C:\Documents and Settings\lloyd\My Documents\MBOLS~1
C:\Program Files\Network Monitor

Search for and delete the following files:

C:\Windows\ms0557190-3234.exe
C:\Windows\rhtzfhuA.exe
C:\Windows\rhtzfhu.exe

Some of the above may not be there... if you can't find one its ok... move on to the next one.

Browse to your C:\Windows\Prefetch folder. Delete all the files in the folder, do not delete the folder itself. Empty your Recycle Bin.

Run CCleaner. Run and scan with Ewido. Let it fix anything it finds. Save the log it creates to your Desktop.

Reboot Windows normally and post the Ewido log along with a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ryder720 » May 14th, 2006, 1:34 am

ok well i did everthing that you told me to do and here are the logs


ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:26:49 PM, 13/05/2006
+ Report-Checksum: 4D5C7287

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-3581506895-1292286586-3675345140-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
C:\defender19a.exe -> Hijacker.VB.nh : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@c4.zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjkoajdzodo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjl4ggc5cgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjmywhcpakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjny-1gczmf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjnygkczgcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ehg-mybc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ehg-superpages.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ehg-yellowpages.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@offers.shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\keyboard19.exe -> Downloader.VB.ys : Cleaned with backup
C:\Program Files\Common Files\misc001\webhc1.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\themexp\Themexp.org File\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38-1.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22-1.exe -> Adware.NewDotNet : Cleaned with backup


::Report End




and the new hijack this log



Logfile of HijackThis v1.99.1
Scan saved at 10:31:19 PM, on 13/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\ctfmon.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\hjt\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ms0557190-3234] C:\windows\ms0557190-3234.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: bw+0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city

Unread postby 'KotaGuy » May 14th, 2006, 2:35 am

Thanks for posting the logs.

Print this out for reference as for part of it you wont be able to go online.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:\) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Run and scan with HijackThis. With all browsers and windows closed, place a check beside the following and fix:

O4 - HKLM\..\Run: [ms0557190-3234] C:\windows\ms0557190-3234.exe

Reboot your computer into Safe Mode.

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Image and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post a new HiJackThis log
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ryder720 » May 14th, 2006, 2:58 am

ok hetre is the new hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 11:57:15 PM, on 13/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\ctfmon.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\hjt\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: bw+0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {30B24F16-19DA-4201-9636-08FCC4452A32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city

Unread postby 'KotaGuy » May 14th, 2006, 3:52 pm

Good work! Your log is clean!

How is the PC behaving?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ryder720 » May 14th, 2006, 4:37 pm

it seems to be working good i'm just tryin to get rid of programs i don't need right now thank you guys for all the help this site is the best thanks again
ryder720
Regular Member
 
Posts: 26
Joined: May 12th, 2006, 7:29 am
Location: van city

Unread postby 'KotaGuy » May 14th, 2006, 5:35 pm

Good to hear!

Some suggestions...

If you don't have them, download Ad-Aware and Spybot S&D. Visit this page for proper configuration of Spybot and Ad-Aware. Run and scan with both, letting them fix whatever they find. Remember to reboot between each scan.

Now that your computer is clean, its a good time to reset your System Restore point. This will ensure a clean backup to fall upon if you ever need it. To do this:
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Check the "Turn off System Restore" or "Turn off System Restore on all drives"

Reboot your computer, follow the steps above, this time unchecking the "Turn off System Restore" and reboot.

I recommend downloading and installing SpywareBlaster, SpywareGuard, and IE-SPYAD as well. The programs are free and can be updated... so please do so. Installing these will go a long way in preventing reinfection.

If you don't have one, I recommend installing a Firewall. I'm sure you've heard of ZoneAlarm.

Check out these links How'd I get Infected and Understanding Spyware as well, some good information for you.

Other than that, remember to update Windows frequently, update your protection programs, scan often and...

Surf Safe!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby 'KotaGuy » May 15th, 2006, 2:56 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware