Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Spyaxe assistance please!!!!

Post by Above82 » December 16th, 2005, 8:18 am

Hi all,

I am new to this board and mighty frustrated with this Spyaxe business. I am not sure if I need to post some registry information or something before someone can help but I need it badly.

I can't rid my computer of it. :evil:

Please tell me what I need to do first!

thanks :)
Above82
Regular Member
 
Posts: 27
Joined: December 16th, 2005, 8:14 am

Post by amateur » December 16th, 2005, 8:29 am

Hi Above 82, :)

Welcome to MRU. :) Follow the instructions below and we'll be happy to help you.
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by Above82 » December 16th, 2005, 5:48 pm

thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 4:44:44 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common

Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint

Manager\ViewMgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ

Firewall\ca.exe
C:\Program Files\Common

Files\AOL\1104164512\ee\AOLHostManager.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust

Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common

Files\AOL\1104164512\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and

Settings\Mariannes\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://www.dell4me.com/myway
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO -

{1ca480cd-c0e5-4548-874e-b85b17905b3a} -

C:\WINDOWS\system32\hp5BC5.tmp
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN

Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "C:\Program

Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program

Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program

Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program

Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program

Files\Common

Files\AOL\1104164512\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program

Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program

Files\CA\eTrust EZ Armor\eTrust

Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [IgfxTray]

C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [GNP Generic Host Process]

C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program

Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell

Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk =

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search -

res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search -

http://edits.mywebsearch.com/toolbaredi ... search.jht

ml?p=ZNxdm801YYUS
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com -

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player -

{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

http://wwws.musicmatch.com/mmz/openWebRadio.html (file

missing)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug -

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program

Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF}

(iPIX ActiveX Control) -

http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA}

(TGOnlineCtrl Class) -

http://zone.msn.com/bingame/pacz/default/pandaonline.ca

b
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupD

ownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}

(TikGames Online Control) -

http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

(PopCapLoader Object) -

http://zone.msn.com/bingame/dim2/default/popcaploader_

v6.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5}

(MsnMusicAx Class) -

https://music.msn.com/client/msnmusax3503.cab
O18 - Protocol: bw+0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -

{A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier -

C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America

Online - C:\Program Files\Common

Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL

TopSpeedMonitor) - America Online, Inc - C:\Program

Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown

owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager

(mcupdmgr.exe) - McAfee, Inc -

C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine

(MCVSRte) - Networks Associates Technology, Inc -

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)

Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) -

Webroot Software, Inc. - C:\Program Files\Webroot\Spy

Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone

Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service

(WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe

Post by Above82 » December 16th, 2005, 5:50 pm

oh and I don't know if you need to know this..

if I go to get on Internet Explorer I am automatically being directed to a website that says needupdate.com

I can't set my homepage back to default..it keeps going back.

Post by amateur » December 16th, 2005, 5:57 pm

Hi Above82, :)


Thanks for the log, but it is very difficult to read. Please post a new one, and in Notepad be sure to click on Format and make sure that "word wrap" is checked. Thank you. :)

Post by Above82 » December 16th, 2005, 6:00 pm

yes it's checked. is there something else I can do to make it more legible?

Post by amateur » December 16th, 2005, 6:14 pm

Hmmm. Try it unchecked.

Post by Above82 » December 16th, 2005, 6:15 pm

hope it's better


Logfile of HijackThis v1.99.1
Scan saved at 4:44:44 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Common Files\AOL\1104164512\ee\AOLHostManager.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1104164512\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mariannes\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp5BC5.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104164512\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm801YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/defaul ... online.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3503.cab
O18 - Protocol: bw+0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Above82
Regular Member
 
Posts: 27
Joined: December 16th, 2005, 8:14 am

Unread postby amateur » December 16th, 2005, 6:16 pm

Yes, this is better. :D I'll have to do research on each of the items in the log, so it may take some time. Hang in there, and I'll be back with some suggestions. Thanks for being patient.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Above82 » December 16th, 2005, 6:26 pm

It's fine, I'm patient and appreciate the help!
Above82
Regular Member
 
Posts: 27
Joined: December 16th, 2005, 8:14 am

Unread postby amateur » December 17th, 2005, 1:27 pm

Hi Above 82 :) ,

Thanks for your patience. You have several issues. :( We'll deal with some of them later.

I am going to ask you to download some programs. Do not run them yet. We'll do that later.

If there's anything that you don't understand, please ask before you proceed with the fixes. Please read carefully and then print these instructions so that you'll have access to them later when you are in Safe Mode.

Trial version of Ewido Security Suite 3.5 from here:

- Install Ewido Security Suite.
- When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
- When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
- The program will prompt you to update. Click the Ok button.
- The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
- On the left-hand side of the main screen click the Update Button.
- Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link Ewido manual updates to manually update ewido.
Make sure to close Ewido before installing the update.

When you have finished updating, EXIT Ewido.
======================================
Place a shortcut to Panda ActiveScan on your desktop.
======================================

SmitRem Fix Version 2.8
Double click on the file to extract it to its own folder on the desktop. Do not run it yet.
======================================

Ccleaner

======================================
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

- Open Spysweeper and click on Options > Program Options.
- Uncheck "load at windows startup".
- On the left click "shields" and then uncheck everything there.
- Uncheck "home page shield".
- Uncheck "automatically restore default without notification".
- Exit the program.
- Leave it disabled until we are finished here.
======================================

Reboot in Safe Mode by restarting your computer and after the first 'beep' begin tapping on the F8 key. A black menu page will appear.
Use your arrow keys to choose Safe Mode (without networking!)
Click on the Enter key.
Your desktop will appear, although it will be very distorted. The words Safe Mode will be on each corner of the desktop.

======================================

We need to show hidden files and folders.

Click Start>Control Panel>Folder Options and double click.
Under the View tab scroll down to Hidden Files and Folders
Check Show hidden files and folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended). Say Yes
Click Apply and click OK

You will be prompted to reboot... choose NO
Close out of the Control Panel

========================================

Run HijackThis and place a check next to the following entries :

R3 - Default URLSearchHook is missing

O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp5BC5.tmp

O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINDOWS\system\svchost.exe

Close all other windows except HijackThis, then click on the Fix Checked button. Close HJT. Stay in Safe Mode.

=========================================

Open the SmitRem folder, double-click on the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Please post that log along with all others requested in your next reply.

=========================================

Still in Safe Mode, run Ewido with its updated definitions: (...it's important that all windows are closed and that you are still in Safe Mode.)
Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
"Perform action on all infections"
Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop. Stay in Safe Mode.

==========================================
On your keyboard, click on the Windows key and the E key to bring up your Windows Explorer. Click to expand the C:/ drive, navigate to and delete the following files, in bold, if found:

C:\WINDOWS\system32\hp5BC5.tmp Note: this may have changed names. Look in the System32 Folder for any hpxxx.tmp files and delete them all
C:\WINDOWS\system\svchost.exe Note: (not the one in system32)

==========================================
While you still have your Windows Explorer open, scroll through the C:\Windows to the Prefetch folder. Open the folder. Go to Edit>Select All and delete the contents of the folder. Close Windows Explorer.
Empty your recycle bin.

==========================================
Reboot in Normal Mode.

After the reboot, on a clear spot on your desktop, right-click and choose Properties
Under the Desktop tab, click on Customize Desktop
Click on Web tab and uncheck/delete Security Info if present
Click OK
Click Apply and then click OK

==========================================

I see three antivirus programs running on your computer: eTrust, AVG and McAfee. That's not a good idea. When you have more than one antivirus, they conflict with each other, leaving the computer vulnerable and unstable. You'll need to decide on only ONE resident antivirus and uninstall/remove/deactivate/disable the others. The same goes for the firewalls too: One antivirus, one firewall.

You can go to Start>Control Panel>Add/Remove Programs and remove the ones you don't want. While you are at the Add/Remove Programs, there are a couple more programs that I would like you to consider removing:

Mywebsearch

You are running MyWebSearch (or MyBar). Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. My Web Search also known as the My Way Speedbar is the Internet Explorer toolbar part of the Fun Web Products suite of utilities such as Smiley Central, Cursor Mania, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, and the My Way website portal. The toolbar allows easy access to search engine results and a 404 Error Redirector called My Total Search among other things to your browser. This is not to be confused with the IBIS Web Search toolbar. MyWay is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you. As a BHO, MyWay shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity. When a new browser window is opened, MyWay will send a configuration request about 5k in size.

Although none of these products claim to be spyware, they do slow your computer down. All of the products use cookies to track usage, although they claim not to use cookies or anything else to track personally identifiable information. That being said, I would still recommend uninstalling the toolbar and other Fun Web Products if you feel your computer runs better without them. They are found by most spyware removal tools such as Spybot Search and Destroy, Lavasoft Ad-Aware, although they are deemed spyware safe by Aluria Software who created a Spyware SAFE Certification.

The MySearch and MyWay variants have been bundled with Grokster, Morpheus, WeatherBug, and software from mgshareware.com. MySearch has also been installed by the FavoriteMan parasite. The MyWeb variant is bundled with software (Popswatter, SmileyCentral, My Mail Stamp) from “Fun Web Products”
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
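
The two file-backed entries ticked for fixing in the post above (a BHO loaded from a .tmp file, and an svchost.exe that is not the one in system32) follow patterns that can be checked mechanically. As an added example, not part of the original thread or of HijackThis itself, this Python script triages log lines quoted from this thread plus one constructed line; the rule names, the folder table and the assumed C:\WINDOWS install path are assumptions of the example.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the log in this thread.
SYSTEM32 = r"c:\windows\system32"
# Core Windows process names and the only folder each is expected in.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}
# Sections whose target is a module loaded into another process.
MODULE_SECTIONS = {"O2", "O18", "O20"}

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command line: quoted path, or text up to the
# first file extension that is followed by whitespace or end of line.
CMD_PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.[A-Za-z0-9]{2,4})(?=\s|$)')


def parse_entry(line):
    """Return (section, target_path) for a log line, or None if not an entry.

    target_path is None when the entry carries no file path (e.g. R3 lines).
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    path = None
    if section == "O4":
        run = RUN_RE.match(rest)
        if run:
            cmd = CMD_PATH_RE.match(run.group("cmd"))
            if cmd:
                path = cmd.group(1) or cmd.group(2)
    elif section in MODULE_SECTIONS or section == "O23":
        # These sections end in " - <file path>".
        tail = rest.rsplit(" - ", 1)[-1]
        if re.match(r"^[A-Za-z]:\\", tail):
            path = tail
    return section, path


def findings_for(line):
    """Return the list of rule names that one log line trips."""
    parsed = parse_entry(line)
    if not parsed or not parsed[1]:
        return []
    section, path = parsed
    folder = ntpath.normcase(ntpath.dirname(path))
    name = ntpath.basename(path).lower()
    found = []
    expected = EXPECTED_DIR.get(name)
    if expected and folder != expected:
        found.append("system-name-outside-expected-folder")
    if section in MODULE_SECTIONS and name.endswith(".tmp"):
        found.append("module-loaded-from-tmp-file")
    return found


def triage(lines):
    """Return [(line, findings)] for every line that trips at least one rule."""
    results = []
    for line in lines:
        found = findings_for(line)
        if found:
            results.append((line.strip(), found))
    return results


# Lines quoted from this thread, except the [ExampleApp] line, which is
# constructed to exercise quoted command lines with arguments.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp5BC5.tmp
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example App\example.exe" /tray
O18 - Protocol: bw00 - {A804CF58-C22A-4668-8222-3F7220047EB1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG.splitlines()):
        print(", ".join(reasons), "::", entry)
```

The R3 line carries no file path, so these two rules do not cover it; entries flagged this way are candidates for review, not a verdict.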

Unread postby Above82 » December 17th, 2005, 5:23 pm

Thanks for replying so quickly!

OK, I've downloaded the programs.

Do I start the process or wait for further instruction?
Above82
Regular Member
 
Posts: 27
Joined: December 16th, 2005, 8:14 am

Unread postby Above82 » December 17th, 2005, 6:03 pm

While I was waiting for a reply I uninstalled some programs you recommended..

eTrust/Pest Patrol and firewall

McAfee / I had never used it anyhow, it came with the computer.

Viewpoint Messenger

Logitech Messenger

The others were not there...

mywebsearch
fun web/my search/ my way, my web
weatherbug.

None of those seemed to be on the list...
Above82
Regular Member
 
Posts: 27
Joined: December 16th, 2005, 8:14 am

Unread postby amateur » December 17th, 2005, 7:22 pm

Please continue with the instructions, following the sequence given therein. You've already uninstalled some of the programs, so, when you reach the Add/Remove Program part, you can go ahead and remove McAfee as well and continue to finish it as instructed.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Above82 » December 17th, 2005, 8:48 pm

These are the reports I was to post...


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 12/17/2005
The current time is: 18:40:03.42

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
mscornet.exe


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)






---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:37:47 PM, 12/17/2005
+ Report-Checksum: B7461629

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1502959551-3036824582-3627845605-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1502959551-3036824582-3627845605-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1502959551-3036824582-3627845605-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1502959551-3036824582-3627845605-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1502959551-3036824582-3627845605-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1502959551-3036824582-3627845605-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Mariannes\Application Data\Mozilla\Firefox\Profiles\huvyio6e.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mariannes\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-762d722b-25e7d5a5.class -> Downloader.Small.wv : Cleaned with backup
C:\Documents and Settings\Mariannes\Cookies\mariannes@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Mariannes\Cookies\mariannes@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Mariannes\Desktop\backups\backup-20051217-183801-565.dll -> Downloader.Zlob.co : Cleaned with backup
C:\Downloads\moisdne-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\FileSubmit\Autumn Daze\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\FileSubmit\Autumn Daze\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\SYSTEM\sup.bat -> Trojan.Zapchas.F : Cleaned with backup
C:\WINDOWS\SYSTEM\sup.reg -> Backdoor.Zapchast : Cleaned with backup
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup


::Report End
Above82
Regular Member
 
Posts: 27
Joined: December 16th, 2005, 8:14 am