Computer Running So Slow


3 replies to this topic

#1 caleman22


Posted 03 February 2006 - 10:59 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:55:00 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Vivitar\V3301\CamCheck\CamCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\USER\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bbolwdxtavyintpt.com/RMFyLao1Hy...RSvcJins1vb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.excite.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run=
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6B4E8567-22E6-0216-83F1-11C2B88ADBF1} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\System32\AHIEHelp.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\Vivitar\V3301\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WARN OPEN BASH BIN] C:\Documents and Settings\All Users\Application Data\Proxyeachwarnopen\Data vc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Nurb Eq] C:\DOCUME~1\USER\APPLIC~1\CLOSES~1\Fork glue aim.exe
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {77E7EDC5-75B2-4953-89AB-B572AD91EC94} - http://home.excite.ca (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.excite.ca/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rc.messenger.msn.com/rockstar.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: bw+0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Hello, I'm trying to fix this computer for my girlfriend and her family. I need your expertise. I am computer literate and have received help from people here before...
Thanks



#2 MFDnSC


Posted 05 February 2006 - 08:45 PM

In Add/Remove Programs, remove:

Logitech Desktop Messenger
Messenger Plus 3 - gave you a LOP infection

=============

Download http://www.cexx.org/lspfix.htm

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing; just click Finish.
==============
Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.
===============
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
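
The cleanup steps in the reply above each correspond to specific lines in the HijackThis log from post #1. As an added example (not part of the thread, and not code from HijackThis or any tool named in it), this Python sketch parses a few lines copied from that log and tags each with the step that addresses it; the category names and matching heuristics are assumptions made for illustration.

```python
import ipaddress
import re

# A subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: (no name) - {6B4E8567-22E6-0216-83F1-11C2B88ADBF1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# HijackThis entries look like "<section code> - <details>", e.g. "O4 - ...".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O1 entries echo a hosts-file line: "Hosts: <address> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# The two programs the reply says to uninstall, squashed to letters and
# digits so "[MessengerPlus3]" and "Messenger Plus 3" compare equal.
NAMED_BY_HELPER = ("logitechdesktopmessenger", "messengerplus3")


def parse_log(text):
    """Return (section_code, details) for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _is_loopback(address):
    """True for 127.0.0.0/8 or ::1; unparsable addresses count as non-loopback."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def hosts_redirects(entries):
    """Group O1 hostnames by the non-loopback address they are pinned to."""
    redirects = {}
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m and not _is_loopback(m.group(1)):
            redirects.setdefault(m.group(1), []).append(m.group(2))
    return redirects


def classify(code, body):
    """Map one entry to a cleanup step (labels are this example's own)."""
    m = HOSTS_RE.match(body) if code == "O1" else None
    if m and not _is_loopback(m.group(1)):
        return "hosts"       # what "Restore Original Hosts" resets
    if code == "O10" and "LSP" in body:
        return "lsp"         # the broken LSP chain the LSP tool repairs
    if "(no file)" in body:
        return "orphan"      # registry entry whose file is already gone
    squashed = re.sub(r"[^a-z0-9]", "", body.lower())
    if any(name in squashed for name in NAMED_BY_HELPER):
        return "uninstall"   # programs named for Add/Remove Programs
    return None


def triage(entries):
    """Return (step, code, details) for every entry that maps to a step."""
    findings = []
    for code, body in entries:
        step = classify(code, body)
        if step:
            findings.append((step, code, body))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for address, names in hosts_redirects(parsed).items():
        print(f"{address} <- {', '.join(names)}")
    for step, code, body in triage(parsed):
        print(f"{step:9} {code:3} {body}")
```

On these lines the grouping shows three different security vendors' hostnames pinned to a single address in the hosts file, which is the condition the Hoster step resets.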

#3 caleman22


Posted 14 February 2006 - 12:17 AM

********
9:06 PM: | Start of Session, Monday, February 13, 2006 |
9:06 PM: Spy Sweeper started
9:06 PM: Sweep initiated using definitions version 556
9:06 PM: Starting Memory Sweep
9:26 PM: Memory Sweep Complete, Elapsed Time: 00:20:06
9:26 PM: Starting Registry Sweep
9:29 PM: Found Adware: 7adpower
9:29 PM: HKCR\clsid\{683dff0f-331f-44d2-b69b-46d7bfb58f32}\ (27 subtraces) (ID = 102119)
9:29 PM: HKCR\interface\{2ea1055f-fe04-4829-acc6-7c7c781351a5}\ (8 subtraces) (ID = 102133)
9:29 PM: HKCR\interface\{d06f1c03-4c60-46fd-b92b-b8a12ab7a967}\ (8 subtraces) (ID = 102151)
9:29 PM: HKLM\software\classes\clsid\{683dff0f-331f-44d2-b69b-46d7bfb58f32}\ (27 subtraces) (ID = 102169)
9:29 PM: HKLM\software\classes\interface\{2ea1055f-fe04-4829-acc6-7c7c781351a5}\ (8 subtraces) (ID = 102191)
9:29 PM: HKLM\software\classes\interface\{d06f1c03-4c60-46fd-b92b-b8a12ab7a967}\ (8 subtraces) (ID = 102211)
9:29 PM: HKLM\software\classes\typelib\{fa170881-8e8e-4804-b469-6937307d70a6}\ (9 subtraces) (ID = 102234)
9:29 PM: HKLM\software\classes\vacpro.canada_ver3\ (3 subtraces) (ID = 102238)
9:29 PM: HKCR\typelib\{fa170881-8e8e-4804-b469-6937307d70a6}\ (9 subtraces) (ID = 102279)
9:29 PM: HKCR\vacpro.canada_ver3\ (3 subtraces) (ID = 102283)
9:29 PM: Found Adware: blazefind
9:29 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (3 subtraces) (ID = 104552)
9:29 PM: Found Adware: comet cursor
9:29 PM: HKCR\interface\{930a2b79-855e-4a18-80bb-4c0595b40798}\ (8 subtraces) (ID = 106471)
9:29 PM: HKCR\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\ (8 subtraces) (ID = 106505)
9:29 PM: HKLM\software\classes\interface\{930a2b79-855e-4a18-80bb-4c0595b40798}\ (8 subtraces) (ID = 106652)
9:29 PM: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\ (8 subtraces) (ID = 106682)
9:29 PM: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\proxystubclsid32\ (1 subtraces) (ID = 106683)
9:29 PM: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\typelib\ (2 subtraces) (ID = 106684)
9:29 PM: Found Adware: 180search assistant/zango
9:29 PM: HKLM\software\180solutions\ (ID = 135618)
9:29 PM: Found Adware: abetterinternet
9:29 PM: HKCR\interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}\ (8 subtraces) (ID = 145806)
9:29 PM: HKLM\software\classes\interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}\ (8 subtraces) (ID = 145883)
9:30 PM: HKU\WRSS_Profile_S-1-5-21-861567501-1078145449-1202660629-1006\software\180solutions\ (16 subtraces) (ID = 135617)
9:30 PM: HKU\WRSS_Profile_S-1-5-21-861567501-1078145449-1202660629-1006\software\msbb\ (3 subtraces) (ID = 135781)
9:30 PM: HKU\WRSS_Profile_S-1-5-21-861567501-1078145449-1202660629-1006\software\localnrd\ (30 subtraces) (ID = 145919)
9:30 PM: Found Adware: webrebates
9:30 PM: HKU\WRSS_Profile_S-1-5-21-861567501-1078145449-1202660629-1006\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
9:30 PM: Found Adware: xupiter toolbar
9:30 PM: HKU\WRSS_Profile_S-1-5-21-861567501-1078145449-1202660629-1006\software\xupiter\ (ID = 147735)
9:30 PM: HKU\S-1-5-21-861567501-1078145449-1202660629-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {fe6bc4ef-5676-484b-88ae-883323913256} (ID = 106731)
9:30 PM: Found Adware: lopdotcom
9:30 PM: HKU\S-1-5-21-861567501-1078145449-1202660629-1004\software\microsoft\internet explorer\new windows\allow\ || lop.com (ID = 130287)
9:30 PM: HKU\S-1-5-21-861567501-1078145449-1202660629-1004\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)
9:30 PM: HKU\S-1-5-21-861567501-1078145449-1202660629-1004\software\microsoft\internet explorer\new windows\allow\ || www.lop.com (ID = 130289)
9:30 PM: HKU\S-1-5-21-861567501-1078145449-1202660629-1004\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)
9:30 PM: Registry Sweep Complete, Elapsed Time:00:03:40
9:30 PM: Starting Cookie Sweep
9:30 PM: Found Spy Cookie: 2o7.net cookie
9:30 PM: curtis@2o7[1].txt (ID = 1957)
9:30 PM: Found Spy Cookie: abetterinternet cookie
9:30 PM: curtis@abetterinternet[1].txt (ID = 2035)
9:30 PM: Found Spy Cookie: hbmediapro cookie
9:30 PM: curtis@adopt.hbmediapro[1].txt (ID = 2768)
9:30 PM: Found Spy Cookie: adrevolver cookie
9:30 PM: curtis@adrevolver[2].txt (ID = 2088)
9:30 PM: Found Spy Cookie: 180solutions cookie
9:30 PM: curtis@ads.180solutions[1].txt (ID = 1934)
9:30 PM: Found Spy Cookie: addynamix cookie
9:30 PM: curtis@ads.addynamix[2].txt (ID = 2062)
9:30 PM: Found Spy Cookie: pointroll cookie
9:30 PM: curtis@ads.pointroll[2].txt (ID = 3148)
9:30 PM: Found Spy Cookie: bpath cookie
9:30 PM: curtis@ads18.bpath[1].txt (ID = 2321)
9:30 PM: Found Spy Cookie: internetfuel cookie
9:30 PM: curtis@adserv.internetfuel[2].txt (ID = 2874)
9:30 PM: Found Spy Cookie: adultfriendfinder cookie
9:30 PM: curtis@adultfriendfinder[1].txt (ID = 2165)
9:30 PM: Found Spy Cookie: advertising cookie
9:30 PM: curtis@advertising[2].txt (ID = 2175)
9:30 PM: Found Spy Cookie: atlas dmt cookie
9:30 PM: curtis@atdmt[2].txt (ID = 2253)
9:30 PM: Found Spy Cookie: atwola cookie
9:30 PM: curtis@atwola[1].txt (ID = 2255)
9:30 PM: Found Spy Cookie: lopdotcom cookie
9:30 PM: curtis@ayb.lop[1].txt (ID = 2934)
9:30 PM: Found Spy Cookie: a cookie
9:30 PM: curtis@a[2].txt (ID = 2027)
9:30 PM: Found Spy Cookie: belnk cookie
9:30 PM: curtis@belnk[1].txt (ID = 2292)
9:30 PM: curtis@bins.lop[1].txt (ID = 2937)
9:30 PM: curtis@bis.180solutions[1].txt (ID = 1929)
9:30 PM: curtis@bisads.180solutions[2].txt (ID = 1931)
9:30 PM: Found Spy Cookie: bluestreak cookie
9:30 PM: curtis@bluestreak[1].txt (ID = 2314)
9:30 PM: Found Spy Cookie: bs.serving-sys cookie
9:30 PM: curtis@bs.serving-sys[1].txt (ID = 2330)
9:30 PM: Found Spy Cookie: burstnet cookie
9:30 PM: curtis@burstnet[2].txt (ID = 2336)
9:30 PM: Found Spy Cookie: casalemedia cookie
9:30 PM: curtis@casalemedia[2].txt (ID = 2354)
9:30 PM: Found Spy Cookie: centrport net cookie
9:30 PM: curtis@centrport[1].txt (ID = 2374)
9:30 PM: Found Spy Cookie: cliks cookie
9:30 PM: curtis@cliks[2].txt (ID = 2414)
9:30 PM: Found Spy Cookie: commission junction cookie
9:30 PM: curtis@commission-junction[1].txt (ID = 2455)
9:30 PM: Found Spy Cookie: hitslink cookie
9:30 PM: curtis@counter.hitslink[1].txt (ID = 2790)
9:30 PM: curtis@dist.belnk[2].txt (ID = 2293)
9:30 PM: Found Spy Cookie: localnrd cookie
9:30 PM: curtis@drk.localnrd[2].txt (ID = 2933)
9:30 PM: Found Spy Cookie: ru4 cookie
9:30 PM: curtis@edge.ru4[2].txt (ID = 3269)
9:30 PM: Found Spy Cookie: excite cookie
9:30 PM: curtis@excite[1].txt (ID = 2631)
9:30 PM: Found Spy Cookie: exitexchange cookie
9:30 PM: curtis@exitexchange[1].txt (ID = 2633)
9:30 PM: Found Spy Cookie: exitfuel cookie
9:30 PM: curtis@exitfuel[1].txt (ID = 2635)
9:30 PM: Found Spy Cookie: fastclick cookie
9:30 PM: curtis@fastclick[1].txt (ID = 2651)
9:30 PM: Found Spy Cookie: gator cookie
9:30 PM: curtis@gator[2].txt (ID = 2722)
9:30 PM: curtis@home.excite[2].txt (ID = 2632)
9:30 PM: Found Spy Cookie: hotlog cookie
9:30 PM: curtis@hotlog[1].txt (ID = 2801)
9:30 PM: curtis@images.lop[1].txt (ID = 2937)
9:30 PM: Found Spy Cookie: netster cookie
9:30 PM: curtis@is.netster[1].txt (ID = 3072)
9:30 PM: Found Spy Cookie: kount cookie
9:30 PM: curtis@kount[2].txt (ID = 2911)
9:30 PM: Found Spy Cookie: maxserving cookie
9:30 PM: curtis@maxserving[1].txt (ID = 2966)
9:30 PM: Found Spy Cookie: revenue.net cookie
9:30 PM: curtis@mediatrack.revenue[2].txt (ID = 3258)
9:30 PM: Found Spy Cookie: offeroptimizer cookie
9:30 PM: curtis@offeroptimizer[1].txt (ID = 3087)
9:30 PM: Found Spy Cookie: outster cookie
9:30 PM: curtis@outster[1].txt (ID = 3103)
9:30 PM: Found Spy Cookie: mircx cookie
9:30 PM: curtis@pop.mircx[2].txt (ID = 2998)
9:30 PM: Found Spy Cookie: qsrch cookie
9:30 PM: curtis@qckvis.qsrch[2].txt (ID = 3216)
9:30 PM: Found Spy Cookie: qksrv cookie
9:30 PM: curtis@qksrv[1].txt (ID = 3213)
9:30 PM: Found Spy Cookie: questionmarket cookie
9:30 PM: curtis@questionmarket[1].txt (ID = 3217)
9:30 PM: Found Spy Cookie: realmedia cookie
9:30 PM: curtis@realmedia[1].txt (ID = 3235)
9:30 PM: curtis@revenue[1].txt (ID = 3257)
9:30 PM: Found Spy Cookie: servedby advertising cookie
9:30 PM: curtis@servedby.advertising[1].txt (ID = 3335)
9:30 PM: Found Spy Cookie: smni cookie
9:30 PM: curtis@smni[2].txt (ID = 3389)
9:30 PM: curtis@srch.lop[2].txt (ID = 2937)
9:30 PM: Found Spy Cookie: statcounter cookie
9:30 PM: curtis@statcounter[1].txt (ID = 3447)
9:30 PM: Found Spy Cookie: trafficmp cookie
9:30 PM: curtis@trafficmp[1].txt (ID = 3581)
9:30 PM: Found Spy Cookie: tribalfusion cookie
9:30 PM: curtis@tribalfusion[2].txt (ID = 3589)
9:30 PM: Found Spy Cookie: tripod cookie
9:30 PM: curtis@tripod[2].txt (ID = 3591)
9:30 PM: Found Spy Cookie: realtracker cookie
9:30 PM: curtis@web4.realtracker[1].txt (ID = 3242)
9:30 PM: Found Spy Cookie: webpower cookie
9:30 PM: curtis@webpower[1].txt (ID = 3660)
9:30 PM: Found Spy Cookie: burstbeacon cookie
9:30 PM: curtis@www.burstbeacon[1].txt (ID = 2335)
9:30 PM: curtis@www.excite[2].txt (ID = 2632)
9:30 PM: Found Spy Cookie: x10 cookie
9:30 PM: curtis@x10[1].txt (ID = 3711)
9:30 PM: Found Spy Cookie: adserver cookie
9:30 PM: curtis@z1.adserver[1].txt (ID = 2142)
9:30 PM: Found Spy Cookie: zedo cookie
9:30 PM: curtis@zedo[2].txt (ID = 3762)
9:30 PM: user@realmedia[1].txt (ID = 3235)
9:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
9:30 PM: Starting File Sweep
9:31 PM: Found Adware: bullguard popup ad
9:31 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
9:31 PM: c:\documents and settings\curtis\local settings\temp\delete.me (2 subtraces) (ID = -2147480650)
9:31 PM: Found Adware: gain-supported software
9:31 PM: c:\documents and settings\curtis\local settings\temp\fsg_tmp (2 subtraces) (ID = -2147480935)
9:33 PM: canada_ver3.inf (ID = 48423)
9:36 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365245.exe". Access is denied
9:36 PM: Found Adware: winantispyware 2005
9:36 PM: a0368469.dll (ID = 119203)
9:39 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365246.exe". Access is denied
9:40 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365241.exe". Access is denied
9:40 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365227.exe". Access is denied
9:41 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365242.exe". Access is denied
9:41 PM: bulldownload.exe (ID = 52017)
9:41 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365229.exe". Access is denied
9:42 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365226.exe". Access is denied
9:42 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365235.exe". Access is denied
9:42 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365228.exe". Access is denied
9:42 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365244.exe". Access is denied
9:42 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365231.exe". Access is denied
9:43 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365234.exe". Access is denied
9:43 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365236.exe". Access is denied
9:43 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365240.exe". Access is denied
9:45 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365230.exe". Access is denied
9:45 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365238.exe". Access is denied
9:46 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365232.exe". Access is denied
9:47 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365233.exe". Access is denied
9:49 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365237.exe". Access is denied
9:50 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365239.exe". Access is denied
9:50 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365243.exe". Access is denied
9:51 PM: Warning: Failed to open file "c:\system volume information\_restore{7aa4ea3f-37a5-4338-9df4-58b85616b85f}\rp922\a0365247.exe". Access is denied
10:04 PM: Found Adware: riviera gold casino
10:04 PM: riviera gold casino.url (ID = 73847)
10:05 PM: Found Adware: ipinsight
10:05 PM: conscorr.ini (ID = 64264)
10:07 PM: satmat.ini (ID = 83499)
10:07 PM: satmat.inf (ID = 83498)
10:07 PM: msbbau.dat (ID = 70624)
10:07 PM: conscorr.inf (ID = 64277)
10:07 PM: Warning: Unhandled Archive Type
10:07 PM: Warning: Unhandled Archive Type
10:07 PM: Warning: Invalid file - not a PKZip file
10:07 PM: Found Adware: java byteverify
10:07 PM: counter.jpg-2a9bf8b-13f40873.zip (ID = 64824)
10:07 PM: Warning: Invalid file - not a PKZip file
10:07 PM: arc.zip-1fac5625-186cbaaf.zip (ID = 64824)
10:07 PM: Warning: Invalid file - not a PKZip file
10:07 PM: Warning: Invalid file - not a PKZip file
10:07 PM: Warning: Unhandled Archive Type
10:08 PM: Warning: Invalid file - not a PKZip file
10:08 PM: Warning: Invalid file - not a PKZip file
10:08 PM: Warning: Unhandled Archive Type
10:08 PM: Warning: Unhandled Archive Type
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid Stream
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: Warning: Invalid file - not a PKZip file
10:12 PM: File Sweep Complete, Elapsed Time: 00:42:20
10:12 PM: Full Sweep has completed. Elapsed time 01:06:27
10:12 PM: Traces Found: 329
11:10 PM: Removal process initiated
11:11 PM: Quarantining All Traces: lopdotcom
11:11 PM: Quarantining All Traces: abetterinternet
11:11 PM: Quarantining All Traces: 180search assistant/zango
11:11 PM: Quarantining All Traces: 7adpower
11:11 PM: Quarantining All Traces: blazefind
11:11 PM: Quarantining All Traces: bullguard popup ad
11:11 PM: Quarantining All Traces: comet cursor
11:11 PM: Quarantining All Traces: gain-supported software
11:11 PM: Quarantining All Traces: ipinsight
11:11 PM: Quarantining All Traces: java byteverify
11:11 PM: Quarantining All Traces: riviera gold casino
11:11 PM: Quarantining All Traces: webrebates
11:11 PM: Quarantining All Traces: winantispyware 2005
11:11 PM: Quarantining All Traces: xupiter toolbar
11:11 PM: Quarantining All Traces: 180solutions cookie
11:11 PM: Quarantining All Traces: 2o7.net cookie
11:11 PM: Quarantining All Traces: a cookie
11:11 PM: Quarantining All Traces: abetterinternet cookie
11:11 PM: Quarantining All Traces: addynamix cookie
11:11 PM: Quarantining All Traces: adrevolver cookie
11:11 PM: Quarantining All Traces: adserver cookie
11:11 PM: Quarantining All Traces: adultfriendfinder cookie
11:11 PM: Quarantining All Traces: advertising cookie
11:11 PM: Quarantining All Traces: atlas dmt cookie
11:11 PM: Quarantining All Traces: atwola cookie
11:11 PM: Quarantining All Traces: belnk cookie
11:11 PM: Quarantining All Traces: bluestreak cookie
11:11 PM: Quarantining All Traces: bpath cookie
11:11 PM: Quarantining All Traces: bs.serving-sys cookie
11:11 PM: Quarantining All Traces: burstbeacon cookie
11:11 PM: Quarantining All Traces: burstnet cookie
11:11 PM: Quarantining All Traces: casalemedia cookie
11:11 PM: Quarantining All Traces: centrport net cookie
11:11 PM: Quarantining All Traces: cliks cookie
11:11 PM: Quarantining All Traces: commission junction cookie
11:11 PM: Quarantining All Traces: excite cookie
11:11 PM: Quarantining All Traces: exitexchange cookie
11:11 PM: Quarantining All Traces: exitfuel cookie
11:11 PM: Quarantining All Traces: fastclick cookie
11:11 PM: Quarantining All Traces: gator cookie
11:11 PM: Quarantining All Traces: hbmediapro cookie
11:11 PM: Quarantining All Traces: hitslink cookie
11:11 PM: Quarantining All Traces: hotlog cookie
11:11 PM: Quarantining All Traces: internetfuel cookie
11:11 PM: Quarantining All Traces: kount cookie
11:11 PM: Quarantining All Traces: localnrd cookie
11:11 PM: Quarantining All Traces: lopdotcom cookie
11:11 PM: Quarantining All Traces: maxserving cookie
11:11 PM: Quarantining All Traces: mircx cookie
11:11 PM: Quarantining All Traces: netster cookie
11:11 PM: Quarantining All Traces: offeroptimizer cookie
11:11 PM: Quarantining All Traces: outster cookie
11:11 PM: Quarantining All Traces: pointroll cookie
11:11 PM: Quarantining All Traces: qksrv cookie
11:11 PM: Quarantining All Traces: qsrch cookie
11:11 PM: Quarantining All Traces: questionmarket cookie
11:11 PM: Quarantining All Traces: realmedia cookie
11:11 PM: Quarantining All Traces: realtracker cookie
11:11 PM: Quarantining All Traces: revenue.net cookie
11:11 PM: Quarantining All Traces: ru4 cookie
11:11 PM: Quarantining All Traces: servedby advertising cookie
11:11 PM: Quarantining All Traces: smni cookie
11:11 PM: Quarantining All Traces: statcounter cookie
11:11 PM: Quarantining All Traces: trafficmp cookie
11:11 PM: Quarantining All Traces: tribalfusion cookie
11:11 PM: Quarantining All Traces: tripod cookie
11:11 PM: Quarantining All Traces: webpower cookie
11:11 PM: Quarantining All Traces: x10 cookie
11:11 PM: Quarantining All Traces: zedo cookie
11:12 PM: Removal process completed. Elapsed time 00:01:05
********
9:05 PM: | Start of Session, Monday, February 13, 2006 |
9:05 PM: Spy Sweeper started
9:05 PM: Sweep initiated using definitions version 556
9:05 PM: Sweep Canceled
9:05 PM: Traces Found: 0
9:06 PM: Updating spyware definitions
9:06 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:06 PM: | End of Session, Monday, February 13, 2006 |
********
9:03 PM: | Start of Session, Monday, February 13, 2006 |
9:03 PM: Spy Sweeper started
9:03 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:04 PM: Updating spyware definitions
9:04 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:05 PM: Updating spyware definitions
9:05 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:05 PM: | End of Session, Monday, February 13, 2006 |



Logfile of HijackThis v1.99.1
Scan saved at 11:16:09 PM, on 2/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Vivitar\V3301\CamCheck\CamCheck.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\USER\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6B4E8567-22E6-0216-83F1-11C2B88ADBF1} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\System32\AHIEHelp.DLL
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\Vivitar\V3301\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {77E7EDC5-75B2-4953-89AB-B572AD91EC94} - http://home.excite.ca (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rc.messenger.msn.com/rockstar.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: bw+0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE311C70-8EE1-4885-AA4C-B25860D84259} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 MFDnSC

    Ret. Director I/T



Posted 14 February 2006 - 11:30 AM

Add remove programs – Remove Logitech desktop messenger – If after a reboot of the system those O18 entries are still there fix them with HiJack

Fix these with HJT – mark them, close IE, click fix checked

F3 - REG:win.ini: run=

O2 - BHO: (no name) - {6B4E8567-22E6-0216-83F1-11C2B88ADBF1} - (no file)

O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



