Thread: can't remove command service and toolbar888

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    14

    can't remove command service and toolbar888

    I was wondering if someone would mind walking through the removal of command service and toolbar888.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:46:28, on 01/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\htpatch.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Logitech\iTouch\iTouch.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Documents and Settings\Geeta\Yinstall.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    D:\Program Files\MSN Messenger\msgr.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\R2VldGE\command.exe
    D:\WINDOWS\system32\Ctsvccda.exe
    D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
    D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\hijackthis\HijackThis.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Geeta\Yinstall.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
    O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Geeta\Yinstall.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120081644984
    O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

  2. #2
    Junior Member
    Join Date
    Oct 2006
    Posts
    14

    log continued...

    O18 - Protocol: bw+0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\R2VldGE\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  3. #3
    Expert-Visiting Fellow Metallica
    Join Date
    Jan 2006
    Posts
    370

    Hi k4m135h,

    Can you follow the instructions here:
    http://www.thespykiller.co.uk/forum/index.php?topic=5.0
    and upload a copy of:
    D:\Documents and Settings\Geeta\Yinstall.exe

    Then run HijackThis and put a checkmark in front of these items:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll

    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll

    O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Geeta\Yinstall.exe

    O4 - HKCU\..\Run: [LDM] \Program\

    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O18 - Protocol: bw+0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\R2VldGE\command.exe


    Then click fix checked.

    Then download Delcmdservice.zip to your Desktop.
    http://users.telenet.be/marcvn/tools/delcmdservice.zip
    Now, unzip delcmdservice-folder to your desktop.

    Open the delcmdservice-folder on your desktop and double-click on DelReg.bat. A DOS window will open and rapidly close; this is normal.
    Now close the delcmdservice-folder.

    Reboot your computer and delete:
    D:\Program Files\ToolBar888 <= entire folder
    D:\WINDOWS\R2VldGE <= entire folder

    Let me know if that solves your problem.
    Last edited by Metallica; 2006-10-03 at 14:01.

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    14


    I've followed all your instructions, but once I rebooted my computer the two folders you asked me to delete were not found. I searched my computer but no such folders existed.

    The toolbar888 seems to have been removed but the "command" program still appears in my "add or remove programs". Should I click remove for this program?

    Also the "Yinstall.exe" file is still located at
    D:\Documents and Settings\Geeta\Yinstall.exe
    Should I attempt to delete this file?

    Thanks!

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    14


    When I ran a search for Yinstall, I also found another suspicious file:
    D:\WINDOWS\Prefetch\YINSTALL.EXE-33890104.pf

  6. #6
    Expert-Visiting Fellow Metallica's Avatar
    Join Date
    Jan 2006
    Posts
    370


    Yes, you can delete Yinstall.exe.
    It's an installer for other misery.
    Also look for:
    D:\mt-uninstaller.exe
    D:\drsmartload1.exe

    Delete them if they are present.

    Then post back with a new HijackThis log please and let me know if you have any problems left that need to be dealt with.

  7. #7
    Expert-Visiting Fellow Metallica's Avatar
    Join Date
    Jan 2006
    Posts
    370


    The prefetch files are harmless by nature.
    You can leave that one alone.
    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5826

  8. #8
    Junior Member
    Join Date
    Oct 2006
    Posts
    14


    I deleted the Yinstall file.

    Should I attempt to remove the "command" program from "add or remove program"?

    I ran a search on those two files, and I am now clear of both of them.
    ----------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 20:55:52, on 03/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\htpatch.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Logitech\iTouch\iTouch.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\PRINTV~1\pvmodule.exe
    D:\Program Files\Common Files\{1B5611E3-0A77-2057-0129-03030121002c}\Update.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
    D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\system32\Ctsvccda.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
    D:\Program Files\Creative\ShareDLL\MEDIADET.EXE
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\hijackthis\HijackThis.exe
    D:\Program Files\Winamp\winamp.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
    O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120081644984
    O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug2...ineInstall.cab
    O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  9. #9
    Expert-Visiting Fellow Metallica's Avatar
    Join Date
    Jan 2006
    Posts
    370


    Click Start > Run, type services.msc, then click OK.
    In the list of services find:
    System Startup Service (SvcProc)
    Right-click that line and choose Properties.
    On the General tab, stop the service and set it to Disabled.
    In HijackThis click Config > Misc Tools > Delete an NT service
    In the dialog box paste: Network Monitor

    Then in HijackThis open the Uninstall manager under Misc Tools and remove "command" there. I think the one under Add/Remove Programs will not work.

    Then run another scan with HijackThis and fix these lines:
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL


    Click Fix checked and reboot.

    Post a new HijackThis log so I can check if everything worked as advertised.

  10. #10
    Expert-Visiting Fellow Metallica's Avatar
    Join Date
    Jan 2006
    Posts
    370


    Oops. Almost forgot.

    When you reboot delete this folder:
    D:\Program Files\PrintView
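
A way to check a follow-up log against an earlier fix list, as an added example that is not part of any post in this thread: the Python below parses HijackThis entry lines, flags `(file missing)` entries and O23 services reported with `Unknown owner` for manual review (a flag is a prompt to look, not a verdict), and lists fixed lines that still show up later. The sample lines are copied from the logs in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry line: section code (R0-R3, O1-O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_log(text):
    """Return (section, body) per entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]

def triage(entries):
    """Flag entries worth a manual look, with the reason for each flag."""
    flagged = []
    for section, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("orphaned: target file missing")
        if section == "O23" and body.startswith("Service: "):
            # Split from the right: the path is last, the owner second to last.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                reasons.append("no owner reported for the service binary")
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

def still_present(fixed_log, later_log):
    """Return entries from a fix list that still appear in a later log."""
    later = {(s, b.lower()) for s, b in parse_log(later_log)}
    return [(s, b) for s, b in parse_log(fixed_log) if (s, b.lower()) in later]

# Two lines from the fix list posted earlier in the thread.
FIXED = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\R2VldGE\command.exe
"""

# Excerpt of the follow-up log posted on 03/10/2006.
LATER = r"""
Running processes:
D:\WINDOWS\System32\Ati2evxx.exe
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
"""

if __name__ == "__main__":
    for section, body, reasons in triage(parse_log(LATER)):
        print(section, "|", "; ".join(reasons), "|", body)
    for section, body in still_present(FIXED, LATER):
        print("still present after fix:", section, body)
```

On these lines the Command Service entry is gone from the later log, while the msnim O18 entry from the fix list is still listed.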
