View Full Version : can't remove command service and toolbar888
I was wondering if someone would mind walking through the removal of command service and toolbar888
Logfile of HijackThis v1.99.1
Scan saved at 17:46:28, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\htpatch.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Documents and Settings\Geeta\Yinstall.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\Program Files\MSN Messenger\msgr.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\R2VldGE\command.exe
D:\WINDOWS\system32\Ctsvccda.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\hijackthis\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Geeta\Yinstall.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Geeta\Yinstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120081644984
O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: bw+0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\R2VldGE\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Metallica
2006-10-03, 15:00
Hi k4m135h,
Can you follow the instructions here:
http://www.thespykiller.co.uk/forum/index.php?topic=5.0
and upload a copy of:
D:\Documents and Settings\Geeta\Yinstall.exe
Then run HijackThis and put a checkmark in front of these items:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Geeta\Yinstall.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: bw+0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\R2VldGE\command.exe
Then click fix checked.
Then download Delcmdservice.zip to your Desktop.
http://users.telenet.be/marcvn/tools/delcmdservice.zip
Now, unzip (http://home.planet.nl/~kleyn080/xpcompressedexplanation.html) delcmdservice-folder to your desktop.
Open the delcmdservice-folder on your desktop and double-click on DelReg.bat, a DOS-window will open and rapidly close - this is normal -
Now close the delcmdservice-folder.
Reboot your computer and delete:
D:\Program Files\ToolBar888 <= entire folder
D:\WINDOWS\R2VldGE <= entire folder
Let me know if that solves your problem.
i've followed all your instructions, but once i rebooted my computer the two folders you asked me to delete were not found, i searched my computer but no such folders existed.
the toolbar888 seems to have been removed but the "command" program still appears in my "add or remove programs". should i click remove for this program
also the "Yinstall.exe" file is still located at
D:\Documents and Settings\Geeta\Yinstall.exe
should i attempt to delete this file?
thanxs!
when i ran a search for Yinstall, i also found another suspicious file
D:\WINDOWS\Prefetch\YINSTALL.EXE-33890104.pf
Metallica
2006-10-03, 22:10
Yes you can delete Yinstall.exe
It's an installer for other misery.
Also look for:
D:\mt-uninstaller.exe
D:\drsmartload1.exe
Delete them if they are present.
Then post back with a new HijackThis log please and let me know if you have an problems left that need to be dealt with.
Metallica
2006-10-03, 22:15
The prefetch files are harmless by nature.
You can leave that one alone.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5826
i deleted the Yinstall file
should i attent to remove the "command" program from "add or remove program" ???
i ran a search on those too file, and i am now clear of both of them
----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:55:52, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\htpatch.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\Program Files\Common Files\{1B5611E3-0A77-2057-0129-03030121002c}\Update.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\Ctsvccda.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
D:\Program Files\Creative\ShareDLL\MEDIADET.EXE
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\hijackthis\HijackThis.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120081644984
O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Metallica
2006-10-03, 23:22
Click Start > Run type services.msc > OK
In the list of services find:
System Startup Service (SvcProc)
Rightclick that line and choose Properties.
On the General tab Stop and set the service to disabled.
In HijackThis click Config > Misc Tools > Delete an NT service
In the dialog box paste: Network Monitor
Then in HijackThis open the Uninstall manager under Misc Tools and remove "command" there. I think the one under Add/Remove Programs will not work.
Then run another scan with HijackThis and fix these lines:
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
Click Fix checked and reboot.
Post a new HijackThis log so I can check if everything worked as advertised.
Metallica
2006-10-03, 23:26
Oops. Almost forgot.
When you reboot delete this folder:
D:\Program Files\PrintView
i did all the above, but when i tried to delete the folder "printview" it said "cannot delete pvmodule.exe access is denied"
------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:16:10, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\htpatch.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\Program Files\Common Files\{1B5611E3-0A77-2057-0129-03030121002c}\Update.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\Ctsvccda.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
D:\Program Files\Creative\ShareDLL\MEDIADET.EXE
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
D:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120081644984
O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Metallica
2006-10-04, 09:20
Can you delete the folder in safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) ?
Delete this one as well when you are there:
D:\Program Files\Common Files\{1B5611E3-0A77-2057-0129-03030121002c} <= entire folder
and use HijackThis to fix:
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
Let me know.
i deleted the folders in safe mode, and successfully completed the other instructions
--------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:44:40, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\htpatch.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\Ctsvccda.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
D:\Program Files\Creative\ShareDLL\MEDIADET.EXE
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120081644984
O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Metallica
2006-10-04, 14:53
Your log looks clean now. Good job. :bigthumb:
Can you tell me if you were infected by a link in a message that was delivered by MSN Messenger?
If so, there is something else we need to do and the person you got the message from will probably need help as well.
yes thats exactly how i got it, through msn messenger
Metallica
2006-10-04, 15:42
Ok.
Please surf to http://www.kaspersky.com/scanforvirus.html and have this file scanned:
D:\Program Files\MSN Messenger\MSNMSGR.EXE
Let me know the results.
The original may have been replaced with a copy of the virus.
i tried to scan the file "msnmsgr.exe" but it wouldnt scan as it larger then 1mb
however i had previuosly uninstalled msn messenger, and installed it again after i had recieved the infection
Metallica
2006-10-04, 16:31
Ah OK. Then you should be safe.
Please read:
http://forums.spybot.info/showthread.php?t=279
Don't forget to inform the person that infected you. :spider:
Metallica
2006-10-04, 16:56
My pleasure. :)
Be carefull out there. ;)
Glad we could help. I'm closing this topic.
Anyone having a similar problem, start a thread of your own.