PDA

View Full Version : anti-vermins.com - fake alert malware



JAG01
2007-01-04, 21:41
Hello

I started out having the System Alert Pop-up which re-directed me to the anti-vermins.com site. I have completed the preliminary step advise and have included the support logs. I would appreciate help in cleaning up my PC.

I have shutdown the System Restore on XP too ! !

***************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:16:29 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Allow popups - file://C:\Program Files\Ultimate Popup Killer\Popupkiller.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137814344625
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Protocol: bw+0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Thanks in advance

shelf life
2007-01-05, 03:27
hi JAG01,

read thru this sticky. download what you need (smitfraudFix) and follow along for the fix. at some point the fix requires a boot into safe mode so i would copy/paste the rest of the directions into notepad and save them so you can read them in safe mode. the sticky will spell all of this out for you.

http://forums.spybot.info/showthread.php?t=4015

shelf life

JAG01
2007-01-05, 16:17
Hello Shelf Life

Thanks for the Quick response. I followed your prescribed procedures and here are the logs you requested.

*****************************************************
SmitFraudFix v2.132

Scan done at 8:21:58.73, Fri 01/05/2007
Run from C:\Documents and Settings\Owner\Desktop\Smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\cthkpcv.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

JAG01
2007-01-05, 16:18
Here is the after
***************************************************
SmitFraudFix v2.132

Scan done at 8:32:17.81, Fri 01/05/2007
Run from C:\Documents and Settings\Owner\Desktop\Smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\cthkpcv.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

JAG01
2007-01-05, 16:26
Here is the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:09:48 AM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Allow popups - file://C:\Program Files\Ultimate Popup Killer\Popupkiller.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137814344625
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Protocol: bw+0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
***************************************************
I was unable to send the complete HJT log because of a char. restriction so I'll post he last have in the next post Sorry. I will await instructions from you before continuing further

Thanks again;)

JAG01
2007-01-05, 16:27
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
****************************************************

That's the end of the HJT Log

Thanks

shelf life
2007-01-06, 03:30
hi JAG01,

good. looks like smitfraudfix did the trick. do i see two antivirus apps? norton and avg. two is not better than one with antivirus, may cause problems. i would remove one via the add/remove programs panel

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/

R3 - URLSearchHook: ScriptInocUI Class - - (no file)

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

shelf life

JAG01
2007-01-07, 03:15
Thanks for the excellent help Shelf Life.... however I have had the MySearch pop back into the HJT log. I deleted it again so hopefully it will stay away. Also Spybot keeps finding 3 errors I have included the sypbot log & a new HJT log for you to review....... Thanks in advance
*******************************************

--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-05 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-05 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-05 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-05 Includes\KeyloggersC.sbi (*)
2006-12-22 Includes\Malware.sbi (*)
2007-01-05 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2007-01-05 Includes\PUPSC.sbi (*)
2007-01-05 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-05 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2007-01-05 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-05 Includes\TrojansC.sbi (*)

Next I will post my HJT Log

JAG01
2007-01-07, 03:16
Logfile of HijackThis v1.99.1
Scan saved at 8:06:34 PM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Owner\Desktop\Hi-jack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Allow popups - file://C:\Program Files\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137814344625
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Protocol: bw+0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E902E02A-269A-408A-A65A-2409EFBF4B4C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Let me know if there is anything else I should do ..........Thanks

shelf life
2007-01-07, 04:14
hi JAG01,

cookies are pretty much harmless. some antivirus apps may disable the windows security center and use there own. see this link:

http://www.spybot.info/en/faq/46.html

shelf life

JAG01
2007-01-08, 14:52
Thanks for all your help ......

tashi
2007-01-11, 07:44
Glad we could help, as the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.