Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

User: HD; Here is the log file from my system SCAN.

Post by hd » September 23rd, 2006, 1:33 pm

Logfile of HijackThis v1.99.1
Scan saved at 12:29:55 PM, on 9/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Quick Time\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\gblkaaaa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\Msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Harold\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [wpdmtp] C:\WINDOWS\System32\wpdmtp.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk278CICA
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edraw ... wnload.cfm
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hot ... hotbar.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB19F49-0CE6-4C29-BCE1-334BCE8A1D7E}: NameServer = 142.161.2.155 142.161.130.155
O18 - Protocol: bw+0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: IEFilter - {0861924F-CE10-4B5B-BA10-E493737E5DC6} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
hd
Active Member
 
Posts: 7
Joined: September 23rd, 2006, 1:06 pm

Post by Vino Rosso » September 23rd, 2006, 2:40 pm

Hi! hd and welcome to the Malware Removal forums.
My name is Vino Rosso - if it helps, you can call me Vino for short. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a little time to research and, while I complete my training, all my recommended fixes will be checked by an expert.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Finally, please reply to this thread. Do not start a new topic.
Be back soon.
Thanks
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Vino Rosso » September 24th, 2006, 4:07 am

Hi hd

1 - Update Windows
You are currently using an unpatched version of Microsoft Windows XP. It is CRITICAL that you update to Service Pack 1 as it is likely your PC will get re-infected as soon as we clean it up.

Please visit this link: Microsoft Service Pack 1 and install Service Pack 1. If you run into troubles, please post them here.

IMPORTANT: DO NOT update to Service pack 2. Doing so before your computer is clean can cause Windows to become unstable. We will update to SP2 when you are clean.

Please let me know if you are having any problems updating.

Once you have Service Pack 1 installed, please move on to step 2.

2 - HijackThis
You are running HJT from an unsafe location. An easy way to correct this is to do the following:

Download a copy of HJTsetup.exe from >here< and save it to your Desktop.
  • Double click HJTsetup.exe to begin installation.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • At the final dialogue box uncheck the box to the left of "Launch Hijackthis" and then click Finish.
3 - Check on status
After you have completed the above, please reboot and provide a new HijackThis log and let me know what problems you are experiencing with your PC.

Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
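
The two observations in the reply above (no service pack on the log's Platform line, and HijackThis.exe running from the Desktop) can be read off a log mechanically. The following is an added example, not part of the thread and not HijackThis's own code: the sample log is constructed in the layout of the logs posted here, and treating Desktop and temp folders as the "unsafe location" is an assumption.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout shown in this thread
# (the user folder name "Example" is made up).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:29:55 PM, on 9/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Example\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O21 - SSODL: IEFilter - {0861924F-CE10-4B5B-BA10-E493737E5DC6} - C:\WINDOWS\system32\IEFilter.dll (file missing)
"""

# Entry lines start with a section code such as R0, O4 or O21, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: folder names treated as unsafe places to run HijackThis from.
UNSAFE_DIRS = {"desktop", "temp", "temporary internet files"}


def parse_hjt_log(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    log = {"version": None, "platform": None, "msie": None,
           "processes": [], "entries": {}}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            log["entries"].setdefault(match.group(1), []).append(match.group(2))
        elif line.startswith("Logfile of HijackThis"):
            log["version"] = line.rsplit(" ", 1)[-1]
        elif line.startswith("Platform:"):
            log["platform"] = line.split(":", 1)[1].strip()
        elif line.startswith("MSIE:"):
            log["msie"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
    return log


def os_service_pack(platform):
    """Service pack number named on the Platform line, or 0 when none is listed."""
    match = re.search(r"\bSP(\d+)\b", platform or "")
    return int(match.group(1)) if match else 0


def hijackthis_location(processes):
    """Path HijackThis.exe was running from, or None if it is not in the list."""
    for path in processes:
        if path.lower().endswith("\\hijackthis.exe"):
            return path
    return None


def runs_from_user_folder(path):
    """True when any parent folder of the executable is in UNSAFE_DIRS."""
    folders = [part.lower() for part in path.split("\\")[:-1]]
    return any(folder in UNSAFE_DIRS for folder in folders)


def orphaned_entries(log):
    """Entries HijackThis itself marked '(file missing)' or '(no file)'."""
    return [(code, text)
            for code, items in log["entries"].items()
            for text in items
            if text.endswith("(file missing)") or text.endswith("(no file)")]


def triage(log):
    """Collect the findings as short strings for a helper to review."""
    findings = []
    if os_service_pack(log["platform"]) == 0:
        findings.append("Platform line lists no service pack: " + str(log["platform"]))
    location = hijackthis_location(log["processes"])
    if location and runs_from_user_folder(location):
        findings.append("HijackThis running from: " + location)
    for code, text in orphaned_entries(log):
        findings.append("Target file absent (" + code + "): " + text)
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt_log(SAMPLE_LOG)):
        print(finding)
```
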

HD:

Post by hd » September 24th, 2006, 3:23 pm

I installed Windows Service Pack 1, and Hijack this per your instructions.........I am still getting same errors when trying to run Office 97 products........also when opening a browser I get "MSN Search Toolbar Updater has encountered a problem and needs to close"......in summary, still same problems as before.

Here is my new Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:35 PM, on 9/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Quick Time\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\System32\gblkaaaa.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [wpdmtp] C:\WINDOWS\System32\wpdmtp.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk278CICA
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edraw ... wnload.cfm
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hot ... hotbar.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB19F49-0CE6-4C29-BCE1-334BCE8A1D7E}: NameServer = 142.161.2.155 142.161.130.155
O18 - Protocol: bw+0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: IEFilter - {0861924F-CE10-4B5B-BA10-E493737E5DC6} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
hd
Active Member
 
Posts: 7
Joined: September 23rd, 2006, 1:06 pm

Post by Vino Rosso » September 25th, 2006, 5:42 am

Hi hd

Cleaning your PC will probably take several posts. Please be patient and we'll get there!

1 - Downloads and Preparation

CCleaner
Download CCleaner from >here< and save it to your Desktop. When the file has been saved, click Run and follow the prompts to install the program.
When finished, close CCleaner. We will use the program later.

Ewido
  1. Download Ewido Anti-spyware from >here< - the program is fully functional on a trial basis
    1. Deselect the Run Ewido now option and close the installer
    2. Launch Ewido. There should be an orange Turk's head icon on your desktop or in the Systray; double-click it.
    3. Click the Update now button.
    4. When the update has completed click on the Scanner icon at the top menu
      • Click on Settings tab
      • Confirm that all check boxes are ticked on the left
      • Under Reports, select the first option to Automatically generate report after every scan and remove the check against Only if threats were found
      • Confirm that Scan every file is selected
    5. Exit Ewido for now.

2 - Show hidden files
Next we need to show hidden files and folders.
In Windows Explorer, select Tools > Folder Options > View
Set 'Hidden files and folders' to Show hidden files and folders
Untick Hide protected operating system files.
OK

3 - Stop processes
Using Task Manager, stop the following processes
Press the Ctrl, Alt, and Delete keys together to open Task Manager
Click the 'Processes' tab
Click on 'Image Name' to sort the processes alphabetically
Scroll down, right-click and select 'End Process' on the following entries if they exist
OK any warnings.
gblkaaaa.exe
mwsoemon.exe

Close Task Manager

4 - Remove Programs
Go to Start > Control Panel > Add/Remove Programs
If present, remove the following programs:
** Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
MyWebSearch

5 - Run HJT Scan
Run a scan with HijackThis and tick the following entries, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O4 - HKCU\..\Run: [wpdmtp] C:\WINDOWS\System32\wpdmtp.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk278CICA
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hot ... hotbar.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O21 - SSODL: IEFilter - {0861924F-CE10-4B5B-BA10-E493737E5DC6} - C:\WINDOWS\system32\IEFilter.dll (file missing)


Close all windows except HijackThis
Select Fix Checked in HijackThis.

6 - Boot Into Safe Mode
Boot your PC into Safe Mode by restarting your computer and keep tapping F8 until the menu appears.
Use your up and down arrow keys to select Safe Mode.
We will continue your fix in Safe Mode.

7 - Delete suspect files/folders
Using Windows Explorer, browse for the following files/folders and delete as instructed
NB Some files may have already been deleted by earlier actions so don't worry if you do not see them:

C:\WINDOWS\System\blank.htm <=== This file only

C:\WINDOWS\System32\gblkaaaa.exe <=== This file only
C:\WINDOWS\System32\IEFilter.dll <=== This file only
C:\WINDOWS\System32\wpdmtp.exe <=== This file only

C:\Program Files\MyWebSearch <=== This folder only

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

8 - Clean Up Files
Start CCleaner and in the Cleaner settings window on the left, make sure the following are ticked (they should be the defaults):
Internet Explorer
- Temporary Internet Files
- History
- Recently Typed URLs
- Delete Index.dat files
- Last Download Location
Windows Explorer
- All items ticked
System
- All items ticked
Advanced
- Old Prefetch data

Click Run Cleaner and OK the warning.
When finished, close CCleaner by clicking on the white cross in the red box at the top right corner of the window.

9 - Scan With Ewido
  1. Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  2. Open the programme by clicking on the orange Turk's head
    • Click on the Scanner icon at the top
    • Select the Scan tab and then the Complete system scan option and let the program scan the machine
  3. When the scan has finished:
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  4. When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  5. Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection.

Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

10 - Check on status
After you have completed the above, please reboot and provide:
- the Ewido log
- a new HijackThis log
- can you also let me know if you use Logitech Desktop Manager
- and let me know how your PC is behaving.

Remember, it's worth printing these instructions out before you start.

Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
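
One way to check the follow-up HijackThis log requested in step 10 against the entries ticked in step 5, as an added example that is not part of the original post. The function names are hypothetical, and the sample follow-up is an excerpt assembled here from log lines that appear on this page.

```python
import re

# HijackThis item lines have the form "<code> - <body>", for example
# "O4 - HKLM\..\Run: [name] path". Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*((?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})) - (.+?)\s*$")

# Entries copied from step 5 of the reply above (a subset of those to fix).
FIX_LIST = r"""
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [gblkaaaa] C:\WINDOWS\System32\gblkaaaa.exe
O4 - HKCU\..\Run: [wpdmtp] C:\WINDOWS\System32\wpdmtp.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: IEFilter - {0861924F-CE10-4B5B-BA10-E493737E5DC6} - C:\WINDOWS\system32\IEFilter.dll (file missing)
"""

# Constructed excerpt: a few lines taken from the second log on this page.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""


def normalize(body):
    """Collapse whitespace and case so System32 and SYSTEM32 compare equal."""
    return " ".join(body.split()).lower()


def parse_entries(log_text):
    """Return (code, body) pairs for every item line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def still_present(fix_text, followup_text):
    """List the fix-list entries that still appear in the follow-up log."""
    seen = {(code, normalize(body)) for code, body in parse_entries(followup_text)}
    return [
        f"{code} - {body}"
        for code, body in parse_entries(fix_text)
        if (code, normalize(body)) in seen
    ]


def dangling(followup_text):
    """List entries whose target HijackThis reports as missing (leftover references)."""
    markers = ("(file missing)", "(no file)")
    return [
        f"{code} - {body}"
        for code, body in parse_entries(followup_text)
        if body.lower().endswith(markers)
    ]


if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, FOLLOWUP)
    print("Fix-list entries still present:", leftovers or "none")
    for entry in dangling(FOLLOWUP):
        print("Dangling reference:", entry)
```
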

Status - Post Clean-up

Post by hd » September 28th, 2006, 9:24 pm

Hi.

I did everything instructed........when I reboot I got a message "LDM Configuration Application has encountered a problem and needs to close". Also get messages "MSN Search Toolbar Updated has encountered a problem.........", "RealPlayer has encountered a problem..........". When trying to launch Word, get the same message "....Word 97 application file has encountered a problem........". If I click on a Word file on my desktop it also gives a message saying that Windows cannot find the particular Word file.

I did note on my Ewido scan some 64 infections; but they should have been quarantined.

Here is my Ewido Scan report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:08:03 PM 9/28/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\HbHostOL.HbMailAnim.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Common -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Common\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\HostOI\links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\HostOL\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\HostOL\links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Hotbar\Sample -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Hotbar\Sample\Hist -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Hotbar\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Hotbar\options -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Time\HostOE -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Time\HostOE\updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Hotbar\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Common -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Common\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\HostOI\links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\HostOL\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\HostOL\links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Hotbar\Sample -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Hotbar\Sample\Hist -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Hotbar\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Hotbar\options -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Time\HostOE -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Time\HostOE\updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Hotbar\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_94.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_20.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_40.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_10.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_30.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP853\A0245056.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249055.exe -> Backdoor.Agent.acv : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060928-190039-735.dll -> Dialer.VB.j : Cleaned with backup (quarantined).
C:\arcldrer.exe -> Downloader.Small.bxs : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\glxugaaa.exe -> Downloader.Small.dou : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\glxugaaa.exe3072.exe -> Downloader.Tiny.cp : Cleaned with backup (quarantined).
C:\olddata\WINDOWS\Cookies\guest@engage[1].txt -> TrackingCookie.Engage : Cleaned with backup (quarantined).
C:\olddata\WINDOWS\Cookies\guest@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\olddata\WINDOWS\Cookies\guest@uk.ads.link4ads[1].txt -> TrackingCookie.Link4ads : Cleaned with backup (quarantined).
C:\olddata\WINDOWS\Cookies\guest@gm.preferences[1].txt -> TrackingCookie.Preferences : Cleaned with backup (quarantined).
C:\olddata\WINDOWS\Cookies\guest@preferences[1].txt -> TrackingCookie.Preferences : Cleaned with backup (quarantined).
C:\olddata\WINDOWS\Cookies\guest@x10[2].txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\glooejfc.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dkevgvse.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dqjaaaaa.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dqqmagco.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\duwbhyap.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\phrngaaa.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pllplbxr.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).


::Report end


**************

Here is my latest Hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 8:17:01 PM, on 9/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Quick Time\qttask.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-ca\msnappau.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edraw ... wnload.cfm
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O18 - Protocol: bw+0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
hd
Active Member
 
Posts: 7
Joined: September 23rd, 2006, 1:06 pm

Post by Vino Rosso » September 30th, 2006, 6:13 pm

Hi hd

We'll probably need a few more posts yet to tidy things up. Before we start the next steps, I would draw your attention to two programs on your PC:

Logitech® Desktop Messenger (LDM) is a free service designed to deliver software support, news and information you can use. LDM ensures that you have simple, speedy, and effortless access to product upgrades, technology tips, and technology news and offers that are relevant to you. LDM delivers information right to your desktop, allowing you to take advantage of all of the advanced features of the Logitech products you own, while staying abreast of new computer-related product and service developments (Logitech and otherwise) that are applicable to your life. Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet. If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application!

Download Accelerator
You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives >here<.

I suggest both these programs are removed

OK, let's move on to the next steps.

1 - Antivirus
It appears from your log that you are not running any AntiVirus application. You could get infected immediately after we clean you up. I suggest that you get ONE of these:

» AVG AntiVirus
» Avast!
» AntiVir

After installing, make sure the program updates itself then allow it to scan your system.

2 - Remove NewDotNet
LSPFix
Download LSPFix from >here<. Please note that this is a precaution that you may not need to use.

Uninstall NewDotNet
Please go >here< and follow the removal instructions in Procedure 4 at the bottom of the page.
*** If you cannot connect to the Internet after removing New.Net, please run the LSPFix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.

3 - Remove Programs
Go to Start > Control Panel > Add/Remove Programs
If present, remove the following programs:
** Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
DAP or Download Accelerator
Logitech Desktop Manager


4 - Run HJT Scan
Run a scan with HijackThis and tick the following entries, if present:
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

Close all windows except HijackThis
Select Fix Checked in HijackThis.

5 - Delete suspect files/folders
Using Windows Explorer, browse for the following files/folders and delete as instructed
NB Some files may have already been deleted by earlier actions so don't worry if you do not see them:

C:\counter.cab <=== This file only

C:\Program Files\DAP <=== This folder only
C:\Program Files\newdotnet <=== This folder only
C:\Program Files\Logitech\Desktop Messenger <=== This folder only

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

6 - Check on status
After you have completed the above, please reboot and provide a new HijackThis log and let me know how your PC is behaving.

Remember, if you can, it's worth printing these instructions out before you start.

Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
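Step 6 above asks for a fresh HijackThis log after the fixes. As an added example (not part of the original posts and not a HijackThis feature), this Python script diffs two logs entry by entry and lists entries in the later log that still point into the folders step 5 asks to delete. The sample logs are a constructed subset of lines taken from the two logs in this thread; the function names are hypothetical, and mapping `PROGRA~1` to `Program Files` is an assumption that holds for these logs.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O16, ...),
# then " - ", then the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: a subset of lines from the first log in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

# Constructed sample: a subset of lines from the later log in this thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"""

# Folders named in step 5 of the instructions above.
FOLDERS = [
    r"C:\Program Files\DAP",
    r"C:\Program Files\newdotnet",
    r"C:\Program Files\Logitech\Desktop Messenger",
]


def parse_entries(log_text):
    """Return the set of (code, text) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def sort_key(entry):
    """Order entries by section letter, numeric section, then text (O4 before O10)."""
    code, text = entry
    return (code[0], int(code[1:]), text)


def normalise(text):
    """Lower-case and expand the 8.3 short name so both spellings compare equal.

    Assumption: PROGRA~1 is the short name of "Program Files", as in these logs.
    """
    return text.lower().replace("progra~1", "program files")


def diff_logs(before, after):
    """Return entries removed from, and added to, the later log."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new, key=sort_key),
        "added": sorted(new - old, key=sort_key),
    }


def remnants(log_text, folders):
    """Return entries that still reference a folder slated for deletion."""
    # A trailing backslash stops C:\...\DAP from matching a sibling such as C:\...\DAPxyz.
    prefixes = [normalise(f).rstrip("\\") + "\\" for f in folders]
    hits = []
    for code, text in sorted(parse_entries(log_text), key=sort_key):
        if any(p in normalise(text) for p in prefixes):
            hits.append((code, text))
    return hits


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        for code, text in changes[label]:
            print(f"{label:8} {code} - {text}")
    for code, text in remnants(AFTER, FOLDERS):
        print(f"still present {code} - {text}")
```
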

Post by hd » October 2nd, 2006, 9:34 pm

Could not seem to format a 3.5" diskette! Can't seem to format in my A: drive. Tried a few 3.5 diskettes. Is there another way to run the Uninstall NewDotNet?

Also, per your point 1, the Ewido anti spyware program you had me run is still working, so I actually do have anti-spyware running.

That's all I have done for now.

Post by Vino Rosso » October 3rd, 2006, 6:17 am

Hi hd

I should advise you that the forum's search facility requires a minimum of three characters therefore any search for your posts, based on your current name, will fail. I recommend that you change your name to one with at least three characters. Please let me know if you wish to do this and what you would like your new name to be.

1 - Formatting A Floppy
Just in case, check the label of the floppy disk or the box that it came in as many floppies are supplied already formatted. If not, here are some options - note that I don't know your level of computer use so my apologies if you've already tried these:

1) Open Windows Explorer
Insert floppy into your PC's disk drive
In Windows Explorer, open My Computer by clicking on the small + (plus)
Right-click on Floppy (A:) and select Format
Follow instructions to format and return to the NewDotNet uninstall step.

2) Try using another PC to format the floppy.

3) Ask a friend or relative to let you have a blank, formatted floppy.

2 - Antivirus
It is true that you have AVG Anti-Spyware (previously Ewido - the name changed in the past few days) running; however, unless you have purchased a licence for the program, the real-time protection will cease after 30 days and leave your PC vulnerable. You should:
1) Purchase a licence for AVG Anti-Spyware >here<
2) Purchase another antivirus program
3) Use one of the free antivirus programs suggested in my previous post.

Thanks
Vino

HD - Problems with Fixes

Post by hd » October 9th, 2006, 1:31 pm

OK. I'm back. I actioned your last post and had the following issues/problems in accordance with step #:

1. Antivirus - downloaded AVG Antivirus, did scan, and it is constantly monitoring my PC now.

2. Had to replace my A drive; but performed everything per step 2.

3. Could not remove DAP or Logitech Desktop Manager........with DAP got message "UNWISE.EXE has encountered a problem and needs to close".....it appears DAP starts up automatically with boot up. With Logitech removal got message: "InstallShield Setup Launcher has encountered a problem and needs to close".

4. Did the HJT scan and performed the fix as requested.

5. Could not delete DAP and Desktop Manager folders. When trying to delete DAP folder got message "Cannot delete DAIEBar.dll; access is denied". When trying to delete Desktop Messenger folder got message "cannot delete chandir.idx........."

6. As of now, still have same computer problems as mentioned in previous posts; Office products not working, various error messages when calling up browser (see previous posts for details)....also, every once and awhile get message window "RUNDLL: Error loading $#^$#, ..." Interesting.

Here is my latest Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 12:31:27 PM, on 10/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Quick Time\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ecRecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edraw ... wnload.cfm
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB19F49-0CE6-4C29-BCE1-334BCE8A1D7E}: NameServer = 142.161.2.155 142.161.130.155
O18 - Protocol: bw+0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Windows USB Bus Driver - Unknown owner - C:\WINDOWS\ecRecvr.exe

Post by Vino Rosso » October 9th, 2006, 7:50 pm

Hi hd

Let's carry on with the tidy up and see how we do...

1 - Boot Into Safe Mode
Boot your PC into Safe Mode by restarting your computer and keep tapping F8 until the menu appears.
Use your up and down arrow keys to select Safe Mode.
We will continue your fix in Safe Mode.

2 - Stop processes
Using Task Manager, stop the following processes
Press the Ctrl, Alt, and Delete keys together to open Task Manager
Click the 'Processes' tab
Click on 'Image Name' to sort the processes alphabetically
Scroll down, right-click and select 'End Process' on the following entries if they exist as some may have been removed by our earlier actions.
OK any warnings.
If you cannot find the name, do not worry - just move on to the next one. As the PC is in Safe Mode some of these processes may not have started.
DAP.exe
LogitechDesktopMessenger.exe

Close Task Manager

3 - Run HJT Scan
Run a scan with HijackThis and tick the following entries, if present:
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O18 - Protocol: bw+0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Close all windows except HijackThis
Select Fix Checked in HijackThis.

4 - Delete suspect files/folders
Using Windows Explorer, browse for the following files/folders and delete as instructed
NB Some files may have already been deleted by earlier actions so don't worry if you do not see them:

C:\Program Files\BFGToolbar <=== This folder only
C:\Program Files\DAP <=== This folder only
C:\Program Files\Logitech\Desktop Messenger <=== This folder only
C:\Program Files\VSToolbar <=== This folder only

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Re-boot your PC normally

5 - Kaspersky Online Scan
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (If available otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

6 - Check on status
After you have completed the above, please reboot normally and provide:
  • the Kaspersky Scan report
  • a new HijackThis log
  • and a description of how your PC is behaving
Remember, if you can, it's worth printing these instructions out before you start.

Good Luck
Vino

Even more trouble now!

Post by hd » October 10th, 2006, 10:22 pm

Did everything you asked; please note the following:

Step 2: DAP.exe and LogitechDesktopMessenger.exe processes were not running in safe mode so could end them.

Status of computer.......worse than ever......all same problems as previous posts plus AVG Virus program was finding a virus every 5 seconds or so "Trojan" type; but for most couldn't "heal" them....was unfamiliar with file type or "access was denied". Last reboot was extremely slow.......had to do it 3 times..........something is slowing everything down.

Here are the Kaspersky scan results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 10, 2006 8:41:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/10/2006
Kaspersky Anti-Virus database records: 230497
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 70316
Number of viruses found: 26
Number of infected objects: 230 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:29:53

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\WINDOWS\SYSTEM32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\SYSTEM32\awtqnkh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\qkmdaqcx.dll Object is locked skipped
C:\WINDOWS\SYSTEM32\yayawwv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\rqrroli.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\ljjklmk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\hggggfc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\urqqpmk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\fccdcab.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\ssqqqpp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\fccyxxv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\ssqqolm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\byxvuuu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\awtrspn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\ssqnnkj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\tuvuurp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\ssqnmkk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\awturst.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\dhserver.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\SYSTEM32\wvutssr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\WINDOWS\SYSTEM32\djuiext.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\NetSetup.LOG Object is locked skipped
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\TheSearchAccelerator\IUCmore.dll Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\wacky.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\wacky.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\wacky.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\wacky.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\wacky.exe RarSFX: infected - 4 skipped
C:\wacky32.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\wacky32.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\wacky32.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\wacky32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\wacky32.exe RarSFX: infected - 4 skipped
C:\RDFX4.exe Object is locked skipped
C:\drsmartload.exe Object is locked skipped
C:\ucmoreiex.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\ucmoreiex.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\ucmoreiex.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\ucmoreiex.exe ZIP: infected - 3 skipped
C:\ucmoreiex.exe WiseSFX Dropper: infected - 3 skipped
C:\MTE3NDI6ODoxNgnew.exe Object is locked skipped
C:\warebundlenewer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Installer4.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\drsmartload45a45a45s.exe Object is locked skipped
C:\MTE3NDI6ODoxNgV2.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\Harold\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Harold\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Harold\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Harold\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Harold\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Harold\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Harold\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Harold\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[1].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[1].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[1].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[1].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[1].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[2].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[2].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[2].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[2].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[2].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[3].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[3].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[3].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[3].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[3].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[4].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[4].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[4].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[4].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[4].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[5].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[5].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[5].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[5].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[5].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[6].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[6].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[6].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[6].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[6].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[7].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[7].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[7].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[7].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[7].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[8].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[8].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[8].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[8].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[8].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[9].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[9].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[9].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[9].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[9].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[10].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[10].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[10].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[10].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[10].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[11].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[11].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[11].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[11].exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[11].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[12].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[12].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[12].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[12].exe/data.rar Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\wack[12].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\RDFX4[1].exe Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\MTE3NDI6ODoxNgV2[1].exe Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\wack[1].exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\wack[1].exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\wack[1].exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\wack[1].exe/data.rar Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\wack[1].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\ucmoreiex[1].exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\ucmoreiex[1].exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\ucmoreiex[1].exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\ucmoreiex[1].exe ZIP: infected - 3 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\ucmoreiex[1].exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\ac3_0010[1].exe Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\loader[1].exe Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\MTE3NDI6ODoxNg[1].exe Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\Installer[1].exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\drsmartload45a[1].exe Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249482.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.g skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249005.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249008.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249009.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249010.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249011.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249012.DLL Infected: not-a-virus:AdWare.Win32.MyWay.ac skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249013.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249014.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249015.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249018.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249019.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249021.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249022.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249023.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249024.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249025.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249026.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249027.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249029.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249030.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249032.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249034.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249035.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249036.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249038.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249039.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249040.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249044.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249046.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249047.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249048.DLL Infected: not-a-virus:AdWare.Win32.MyWay.ac skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249049.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249463.exe Infected: Trojan.Win32.Zapchast.ca skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249464.exe Infected: Trojan.Win32.Zapchast.ca skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249465.exe Infected: Trojan.Win32.Zapchast.ca skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249466.exe Infected: Trojan.Win32.Zapchast.ca skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249467.exe Infected: Trojan.Win32.Zapchast.ca skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249468.exe Infected: Trojan.Win32.Zapchast.ca skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249472.dll Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249475.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249476.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249477.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249478.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249479.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249480.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP857\A0249481.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP858\A0250484.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP863\A0251620.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP863\A0251639.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0252675.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0252675.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0252675.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0252675.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0252675.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0253692.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0253692.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0253692.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0253692.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP864\A0253692.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0253717.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0253717.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0253717.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0253717.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0253717.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0253719.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255714.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255714.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255714.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255714.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255714.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255738.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255738.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255738.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255738.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255738.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0255740.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257727.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257727.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257727.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257727.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257727.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257729.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257730.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0257730.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258732.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258732.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258732.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258732.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258732.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258764.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258764.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258764.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258764.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258764.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP865\A0258766.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0258776.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0258776.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0258776.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0258776.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0258776.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0258778.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259763.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259763.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259763.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259763.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259763.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259765.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259766.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0259766.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0260765.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0260765.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0260765.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0260765.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0260765.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261765.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261765.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261767.exe Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\change.log Object is locked skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261897.exe/data.rar/rmsyrup.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261897.exe/data.rar/rmsyrup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261897.exe/data.rar/drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261897.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261897.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{B3594093-FD7B-4604-A677-E65374F5DA66}\RP866\A0261899.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped

Scan process completed.
********************

Here is the latest Hijack log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:14:31 PM, on 10/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Quick Time\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\nwnmff_e26.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\dfndrff_e26.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ecRecvr.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e26.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edraw ... wnload.cfm
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB19F49-0CE6-4C29-BCE1-334BCE8A1D7E}: NameServer = 142.161.2.155 142.161.130.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Windows USB Bus Driver - Unknown owner - C:\WINDOWS\ecRecvr.exe
hd
Active Member
 
Posts: 7
Joined: September 23rd, 2006, 1:06 pm

Post by Vino Rosso » October 11th, 2006, 1:53 pm

Hi

OK, let's focus on getting rid of the Vundo infection.

1 - Program Download
Please download to your Desktop ATF Cleaner by Atribune from >here<. This program is for XP and Windows 2000 only. It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and greys out the other(s).
We will use this program later.

2 - Delete Temporary Files
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

3 - VundoFix
Please download VundoFix.exe from >here< to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Important: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

4 - Check on status
After you have completed the above, please provide:
  • the vundofix.txt report
  • a new HijackThis log
Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

HD - Vundo fun

Post by hd » October 11th, 2006, 9:35 pm

Did what you told me.........still same computer problems as mentioned in previous posts........still have some virus really wanting me to play poker on web...............................Thanks for your continued help.....

Here is my Hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 8:32:15 PM, on 10/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\devldr32.exe
C:\Quick Time\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\nwnmff_e26.exe
C:\dfndrff_e26.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eiRecvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.munky.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - C:\WINDOWS\System32\yayawwv.dll
O2 - BHO: (no name) - {9B088994-6B3F-4E52-BC8B-37F2E0530DFC} - C:\WINDOWS\System32\pmkjg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e26.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edraw ... wnload.cfm
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB19F49-0CE6-4C29-BCE1-334BCE8A1D7E}: NameServer = 142.161.2.155 142.161.130.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\idagehlp.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dhserver.dll (file missing)
O20 - Winlogon Notify: yayawwv - C:\WINDOWS\SYSTEM32\yayawwv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows Windows Sheduler (Microsoft Windows Scheduled Tasker) - Unknown owner - C:\WINDOWS\eiRecvr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


***********

Here is my vundo.txt file:


VundoFix V6.2.1

Checking Java version...

Sun Java not detected
Scan started at 5:34:40 PM 10/11/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\sibqqcgf.exe

VundoFix V6.2.1

Checking Java version...

Sun Java not detected
Scan started at 6:42:48 PM 10/11/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\sibqqcgf.exe
C:\WINDOWS\System32\pmkjg.dll
C:\WINDOWS\system32\dhserver.dll
C:\WINDOWS\System32\gjkmp.ini
C:\WINDOWS\System32\gjkmp.bak1
C:\WINDOWS\System32\gjkmp.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\sibqqcgf.exe
C:\WINDOWS\SYSTEM32\sibqqcgf.exe Has been deleted!

Attempting to delete C:\WINDOWS\System32\pmkjg.dll
C:\WINDOWS\System32\pmkjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dhserver.dll
C:\WINDOWS\system32\dhserver.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\gjkmp.ini
C:\WINDOWS\System32\gjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\gjkmp.bak1
C:\WINDOWS\System32\gjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\gjkmp.bak2
C:\WINDOWS\System32\gjkmp.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.1

Checking Java version...

Sun Java not detected
Scan started at 7:26:48 PM 10/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\idagehlp.dll
C:\WINDOWS\system32\dhserver.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\idagehlp.dll
C:\WINDOWS\system32\idagehlp.dll Has been deleted!

Performing Repairs to the registry.
Done!
hd
Active Member
 
Posts: 7
Joined: September 23rd, 2006, 1:06 pm

Post by Vino Rosso » October 12th, 2006, 7:43 am

Hi hd

You have a badly infected PC so the cleaning up process will take a little time. This is another quite involved set of instructions so please read through them carefully... and keep up the good work!

Please print these instructions as you will not have access to the internet

1 - Delete Service Preparation
Open notepad - it must be notepad, not wordpad.
Copy and paste the text inside the code box below into notepad
Choose File > Save and type "delservices.bat" (including the quotes) and save it to your desktop.

Code:
@echo off
sc stop "Windows Windows Sheduler"
sc delete "Windows Windows Sheduler"


Do not do anything else with this file yet!!

2 - Boot Into Safe Mode
Boot your PC into Safe Mode by restarting your computer and keep tapping F8 until the menu appears.
Use your up and down arrow keys to select Safe Mode.
We will continue your fix in Safe Mode.

3 - Run delservices.bat
Locate delservices.bat on your desktop and double-click the icon
You may not notice anything happen - this is OK.

4 - Stop processes
Using Task Manager, stop the following processes
Press the Ctrl, Alt, and Delete keys together to open Task Manager
Click the 'Processes' tab
Click on 'Image Name' to sort the processes alphabetically
Scroll down, right-click and select 'End Process' on the following entries if they exist as some may have been removed by our earlier actions.
OK any warnings.
If you cannot find the name, do not worry - just move on to the next one. As the PC is in Safe Mode some of these processes may not have started.
dfndrff_e26.exe
eiRecvr.exe
nwnmff_e26.exe

Close Task Manager

5 - Run HJT Scan
Run a scan with HijackThis and tick the following entries, if present:
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - C:\WINDOWS\System32\yayawwv.dll
O2 - BHO: (no name) - {9B088994-6B3F-4E52-BC8B-37F2E0530DFC} - C:\WINDOWS\System32\pmkjg.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e26.exe
O18 - Protocol: offline-8876480 - {9D2062D2-E743-426F-A71F-290E95B36181} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\idagehlp.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dhserver.dll (file missing)
O20 - Winlogon Notify: yayawwv - C:\WINDOWS\SYSTEM32\yayawwv.dll
O23 - Service: Windows Windows Sheduler (Microsoft Windows Scheduled Tasker) - Unknown owner - C:\WINDOWS\eiRecvr.exe


Close all windows except HijackThis
Select Fix Checked in HijackThis.

6 - Delete suspect files/folders
Using Windows Explorer, browse for the following files/folders and delete as instructed
NB Please look carefully for each file but note that some files may have already been deleted by earlier actions so don't worry if you do not see them:

C:\dfndrff_e26.exe <== This file only
C:\drsmartload.exe <== This file only
C:\drsmartload45a45a45s.exe <== This file only
C:\Installer4.exe <== This file only
C:\MTE3NDI6ODoxNgnew.exe <== This file only
C:\MTE3NDI6ODoxNgV2.exe <== This file only
C:\nwnmff_e26.exe <== This file only
C:\RDFX4.exe <== This file only
C:\ucmoreiex.exe <== This file only
C:\wacky.exe <== This file only
C:\warebundlenewer.exe <== This file only

C:\Program Files\TheSearchAccelerator <== This folder only

C:\WINDOWS\eiRecvr.exe <== This file only

C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe <== This file only

C:\WINDOWS\SYSTEM32\awtqnkh.dll <== This file only
C:\WINDOWS\SYSTEM32\awtrspn.dll <== This file only
C:\WINDOWS\SYSTEM32\awturst.dll <== This file only
C:\WINDOWS\SYSTEM32\byxvuuu.dll <== This file only
C:\WINDOWS\SYSTEM32\dhserver.dll <== This file only
C:\WINDOWS\SYSTEM32\djuiext.dll <== This file only
C:\WINDOWS\SYSTEM32\fccdcab.dll <== This file only
C:\WINDOWS\SYSTEM32\fccyxxv.dll <== This file only
C:\WINDOWS\SYSTEM32\hggggfc.dll <== This file only
C:\WINDOWS\SYSTEM32\i <== This file only
C:\WINDOWS\SYSTEM32\ljjklmk.dll <== This file only
C:\WINDOWS\SYSTEM32\qkmdaqcx.dll <== This file only
C:\WINDOWS\SYSTEM32\rqrroli.dll <== This file only
C:\WINDOWS\SYSTEM32\ssqnmkk.dll <== This file only
C:\WINDOWS\SYSTEM32\ssqnnkj.dll <== This file only
C:\WINDOWS\SYSTEM32\ssqqolm.dll <== This file only
C:\WINDOWS\SYSTEM32\ssqqqpp.dll <== This file only
C:\WINDOWS\SYSTEM32\tuvuurp.dll <== This file only
C:\WINDOWS\SYSTEM32\urqqpmk.dll <== This file only
C:\WINDOWS\SYSTEM32\wvutssr.dll <== This file only
C:\WINDOWS\SYSTEM32\yayawwv.dll <== This file only

C:\WINDOWS\SYSTEM32\config\drpep.exe <== This file only

Using Start > Search > All Files and Folders
Enter SysTray.Exe in the 'All or part of file name' box
Select C: in the 'Look in' dropdown box
Click Search Now
When the search has finished, right-click on the first file name found and select Properties and the Version tab
If the file is not a Microsoft file, delete it by clicking Cancel then right-clicking the file name and selecting delete.
Repeat this for all copies of SysTray.exe found.
Note: There may be two legitimate Microsoft copies of the file on your PC. One in C:\Windows\System32 and one in C:\Windows\System32\dllcache

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Reboot your PC normally

7 - Kaspersky Online Scan
Please do another online scan with >Kaspersky Online Scanner<.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

8 - Check on status
After you have completed the above, please provide:
  • the Kaspersky Scan report
  • a new HijackThis log
Remember, if you can, it's worth printing these instructions out before you start.

Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
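
A triage pass over HijackThis lines like the ones in this thread, as an added example (not part of the original posts and not a HijackThis or forum tool). It flags four traits visible among the entries selected for fixing above: a target marked (file missing), a Run value that launches an executable from the drive root, a service with Unknown owner, and one DLL registered both as a BHO and as a Winlogon Notify package. The sample lines are copied from the log posted above; the function names, flag names and heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - C:\WINDOWS\System32\yayawwv.dll
O2 - BHO: (no name) - {9B088994-6B3F-4E52-BC8B-37F2E0530DFC} - C:\WINDOWS\System32\pmkjg.dll (file missing)
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e26.exe
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dhserver.dll (file missing)
O20 - Winlogon Notify: yayawwv - C:\WINDOWS\SYSTEM32\yayawwv.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows Windows Sheduler (Microsoft Windows Scheduled Tasker) - Unknown owner - C:\WINDOWS\eiRecvr.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.I)
# O23 body layout: Service: <display name> (<service key name>) - <owner> - <path>
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?) - [A-Za-z]:\\")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$")


def parse_entry(line):
    """Parse one HijackThis line into a dict, or return None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    entry = {"code": m["code"], "line": line.strip(), "path": None,
             "missing": body.endswith("(file missing)"),
             "owner": None, "service_name": None, "flags": []}
    pm = PATH_RE.search(body)
    if pm:
        # The log writes some paths as C:\\name.exe; collapse and lowercase them
        # so the same file compares equal across entries.
        entry["path"] = re.sub(r"\\+", lambda _: "\\", pm.group(0)).lower()
    if entry["code"] == "O23":
        sm = SERVICE_RE.match(body)
        if sm:
            entry["owner"] = sm["owner"]
            entry["service_name"] = sm["name"]
    return entry


def triage(log_text):
    """Return the entries that carry at least one review flag (assumed heuristics)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    # Map each file path to the set of entry types that reference it.
    seen = defaultdict(set)
    for e in entries:
        if e["path"]:
            seen[e["path"]].add(e["code"])
    for e in entries:
        if e["missing"]:
            e["flags"].append("file-missing")
        if e["code"] == "O4" and e["path"] and ROOT_EXE_RE.match(e["path"]):
            e["flags"].append("run-from-drive-root")
        if e["code"] == "O23" and e["owner"] == "Unknown owner":
            e["flags"].append("unknown-service-owner")
        if e["code"] in ("O2", "O20") and {"O2", "O20"} <= seen[e["path"]]:
            e["flags"].append("dll-in-bho-and-winlogon")
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(", ".join(e["flags"]), "|", e["line"])
```

A flag marks an entry for manual review and is not a verdict. Entries such as SysTray.Exe, which needs the file-properties check described in step 6, are not caught by these four rules.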