Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log


  • This topic is locked This topic is locked
4 replies to this topic

#1 Nojoy

Nojoy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 22 September 2006 - 07:19 PM

So my computer has been acting up; running slowly and freezing not long after it start it up. My Ad-Aware and PC-cillion scans didn't pick anything up but I'm sure I have something so I did a Hijackthis scan

Le voila
Logfile of HijackThis v1.99.1
Scan saved at 7:29:04 PM, on 22/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
E:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\anvshell.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Aidan\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] e:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: bw+0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - E:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - E:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - E:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - E:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Help. Thanks

BC AdBot (Login to Remove)

 


#2 Nojoy

Nojoy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 23 September 2006 - 07:46 AM

Oh sorry for the mixup. Where it said "NO Hijackthis logs should be posted here", I read "Hijackthis logs should be posted here". I'm dislexic....... Hehe......

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:30 PM

Posted 27 September 2006 - 03:02 PM

Welcome to the Bleeping Computer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:30 PM

Posted 27 September 2006 - 05:05 PM

I did not see any malware in your log. I have some suggestions.

Step 1

There are several reasons for putting HijackThis into its own folder.
  • HijackThis is an analysis AND a repair tool. When you fix something in HijackThis, you are deleting a bad entry in the Windows Registry. In case of a mistake being made, there is a reversal for line entry deletions. HijackThis creates a new file which is a backup log of changes and you can reverse the line entry deletion. BUT...HijackThis needs a safe folder to keep these critical backup logs and a temp folder is definitely not safe as you might run Disk Cleanup and delete them.
  • If you save HijackThis to your desktop, you may easily lose track of the backup log in the wallpaper area (or someone might delete the backup file by dragging it to the Recycle Bin).
  • If you run HijackThis from a zip folder, backups may not be made.
  • If you run HijackThis from a Local Settings Temporary folder in XP or Windows 2000, when you post for help on a forum, the resulting text log will usually show your full name in a line entry since your Windows user profile is commonly named with your full name. When you copy and paste your log, HijackThis provides a line entry showing the path to its running folder. If you use another folder like HijackThis in the root of the C: drive (as recommended) then your Profile Name will NOT be displayed in the log.
  • Please place HJT into ITS OWN PERMANANT FOLDER.
    • You can do this by going to My Computer (Windows key+e).
    • Double click on C:
    • If the folder is hidden, click on show the contents of this folder.
    • Right-click on a blank space in the right column and select New > Folder
    • Name it HJT (C:\HJT\HijackThis.exe)
    • Move HijackThis.exe into this folder.
    • When you run HijackThis.exe from the "C:\HJT" folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.
  • If needed, HijackThis Folder Tutorial
Another way to do this is: Please download HijackThis Self-installer
  • This is the easiest way to install HijackThis to your computer
  • This is a complete installer that installs HijackThis on the computer to C:\Program Files\HijackThis.
  • It makes an entry in the start menu.
  • It allows you to have a shortcut on your desktop as well.
  • HijackThis is currently at Version 1.99.1 released on 16.02.2005.
  • It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.
Step 2

Please download Spybot S&D

Using Spybot Search and Destroy To Remove Spyware From Your Computer Please check this link for instructions on how to download, install and use Spybot S&D. Run this program as soon as possible.

Step 3

Download and Install Ewido

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please download ewido anti-spyware
  • Install ewido anti-spyware.
  • When installing, under Additional Options, uncheck Install background guard and Install scan via context menu.
  • Launch ewido, there should be an ewido icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • On the left hand side of the main screen, click update
  • Click on Start
    The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.
    Note: ewido is a free trial product for 30 days. Since ewido is a trial version, the realtime guard and automatic update will stop functioning after 30 days (which is the reason we uncheck them during installation). You can use ewido as an on demand scanner (recommended) but you will have to manually update the definition file each time you scan by clicking on “Update” and “Start Update”.
    If you decide to purchase ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".
IMPORTANT!:

Once the updates are installed do the following:
  • If you have an always on connection to the Internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode, you can do this by restarting your computer, then repeatedly tap F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run ewido.
  • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Scan with ewido:
  • Click on scanner
  • Click on Settings
    • Under How to scan, all boxes should be selected
    • Under Possibly unwanted software, all boxes should be selected
    • Under What to scan, select scan every file
    • Click OK
  • Click on Complete system scan
  • Let the program scan the machine
  • If ewido finds anything, it will pop up a notification. DO NOT check "Perform action with all infections. If you are unsure of an entry, select "none" for the time being.
Save and Post Your Report:
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report
  • Save the report to your desktop
  • Exit ewido
  • Reboot into normal mode
  • When you are ready to post your next reply, double click on the saved report to open it, then use Ctrl + A to select all text, then Ctrl + C to copy the selected text to your clipboard. Next, open a new reply to your active topic in the forum, and use Ctrl + V to paste the copied text of the ewido log from your clipboard into your reply.
Step 4

To help prevent further infection, please download SpywareBlaster SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, Ad-Aware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Step 5

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the following browsers: Microsoft Internet Explorer, Mozilla Firefox
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, please write down the filenames and locations and post that in your reply.

Step 6

Please download the ATF-Cleaner ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning for the Firefox and Opera browser, including their cache, cookies, history, download history, visited links and saved passwords (You have the option of checking “no” if you want to save your passwords)
Do not run it yet.

Step 7

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) Do not worry if they are not there:

Logitech Desktop Messenger if you choose to do the optional fix

These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

NvCpl.dll,NvStartup initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

nwiz.exe /install

nwiz.exe is a part of NVidia's Nview features installable alongside its graphics hardware products. This application will give the user access to additional features which allow the configuration of up to 32 monitors on a host or to expand the desktop across many monitors. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

You have NvMcTray.dll,NvTaskbarInit running at Startup. This is a System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

mmtask or mmtask.exe process can be removed to free up resources without compromising system performance. mmtask.exe is a process belonging to MusicMatch Jukebox. MusicMatch Jukebox is an application used to organize and play multimedia files. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

mm_tray.exe process can be removed to free up resources without compromising system performance. mm_tray.exe is the tray bar process for MusicMatch Jukebox which organizes and plays music media such as MP3. It gives the user easy access to the MusicMatch Jukebox application and settings. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to Itunes MP3 streaming tool by Apple which allows you to play MP3's. This process speeds up iTunes when it starts, and the program also monitors for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself.. This is the item to fix in HijackThis:

O4 ‑ HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" ‑atboottime

There is a small program that will prevent QuickTime from resetting itself.
Please download Engraph-QuickTime-Killer This is a free utility from EnGraph software. For more information about EnGraph, go to www.engraph.com. This application is intended for people that use or consume Sprint Video Mail, as Sprint uses QuickTime for viewing thier movies. (or anybody that hates QuickTime) Of course, as soon as QuickTime is ran, it adds itself to startup, which is very annoying to me. This application will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime.

Logitech® Desktop Messenger (LDM) is a free service designed to deliver software support, news and information you can use. LDM ensures that you have simple, speedy, and effortless access to product upgrades, technology tips, and technology news and offers that are relevant to you. LDM delivers information right to your desktop, allowing you to take advantage of all of the advanced features of the Logitech products you own, while staying abreast of new computer‑related product and service developments (Logitech and otherwise) that are applicable to your life. Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet. If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application! These are the items to fix in HijackThis:

O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


quickstart.exe process can be removed to free up resources without compromising system performance. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. This is the item to fix in HijackThis:

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 8

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 9

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:30 PM

Posted 15 October 2006 - 02:29 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users