Malware problem via popup misclick

viperviper888 · Oct 29, 2006

I accidentally clicked this popup on one of my forums site and it started downloading stuff i wa slike daarN!
Anyways i have a trojan pop-up downloader and this thing called protection bar i cant remove using couple of my programs. plz help

pskelley · Oct 29, 2006

Welcome to the forum, please be advised that most forums Pin the information you need at the top of the page. These two links are a must before you can proceed, but I suggest you review all Pinned (Sticky) information.
UPDATED WINDOWS - Your first line of defence, links and tips
http://forums.spybot.info/showthread.php?t=425
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288
Use the "Post Reply" to post the information in the instructions.
Thanks...pskelley
Safer Networking Forums

viperviper888 · Oct 29, 2006

Ok i only had one update i had to do and now what should i post my HJT log?

pskelley · Oct 29, 2006

It is good to hear your Windows Criticals are up to date. I would appreciate it if you would read and follow the directions in the link I posted:
http://forums.spybot.info/showthread.php?t=288

I assure you the answers to all of your questions about how to post are in that information.

Thanks

viperviper888 · Oct 30, 2006

Adware:Adware/PornMagPass Not disinfected C:\Program Files\VideoKeyCodec\isamini.exe
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.gamearena.com.au/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Shaine\Cookies\shaine@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shaine\Cookies\shaine@atdmt[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Shaine\Cookies\shaine@clickbank[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Shaine\Cookies\shaine@doubleclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Shaine\Cookies\shaine@tribalfusion[2].txt
Adware:Adware/VirusBurst Not disinfected C:\Documents and Settings\Shaine\Local Settings\Temp\laf4C.tmp
Potentially unwanted tool:Application/VirusBurst Not disinfected C:\Documents and Settings\Shaine\Local Settings\Temp\vb4D.exe[VirusBurster.exe]
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Shaine\Local Settings\Temporary Internet Files\Content.IE5\FZ0Y3SVH\safeiepage[1].htm
Virus:W32/Kelvir.ET.worm Disinfected C:\Documents and Settings\Shaine\My Documents\My Downloads\photo2342.pif
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Shaine\My Documents\My Downloads\Setup(2).exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Shaine\My Documents\My Downloads\Setup.exe
Possible Virus. Not disinfected C:\Program Files\shizmoo\webgames\uninstall.exe
Adware:Adware/PornMagPass Not disinfected C:\Program Files\VideoKeyCodec\isauninst.exe
Adware:Adware/EMediaCodec Not disinfected C:\Program Files\VideoKeyCodec\pmmon.exe
Virus:W32/Alcan.A.worm Not disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc15.rar[Hide IP Platinum 2.3.zip][Setup.exe]
Virus:VBS/Lefarsi.A Not disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc15.rar[Hide IP Platinum 2.3.zip][FILE.VBS]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc22.rar[Hack Pack V1.2\Hacking programs\Memory Scanners\Best Hacking Programs\Wpe Pro 0.9a\WPE PRO 0.9a.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc22.rar[Hack Pack V1.2\Hacking programs\Memory Scanners\Best Hacking Programs\Wpe Pro 0.9a\Wpespy.dll]
Virus:Trj/Downloader.IUM Disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc28.zip[patch1.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc46.2\Hacking programs\Memory Scanners\Best Hacking Programs\Wpe Pro 0.9a\WPE PRO 0.9a.exe
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1645522239-861567501-725345543-1004\Dc46.2\Hacking programs\Memory Scanners\Best Hacking Programs\Wpe Pro 0.9a\Wpespy.dll
Possible Virus. Not disinfected C:\ReymiXEngine\reymixddk.dll

viperviper888 · Oct 30, 2006

my HJT log id to big how do i post it?

viperviper888 · Oct 30, 2006

Logfile of HijackThis v1.99.1
Scan saved at 1:16:07 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\VideoKeyCodec\isamonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VideoKeyCodec\isamini.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Webcam Recorder\ml20gui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shaine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Language" content="en-us">
O1 - Hosts: <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
O1 - Hosts: <meta name="ProgId" content="FrontPage.Editor.Document">
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
O1 - Hosts: <title>OOPS!</title>
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#848484">
O1 - Hosts: 
O1 - Hosts: 
O1 - Hosts: <div align="center">
O1 - Hosts: <center>
O1 - Hosts: <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="617" height="77" id="AutoNumber1">
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="7" bgcolor="#FF931F">
O1 - Hosts: OOPS!</td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="50" bgcolor="#CFD9DF">
O1 - Hosts: This page "/update/hosting/old/hosts" doesn't exist or
O1 - Hosts: never existed in the first place. 
O1 - Hosts: 
O1 - Hosts: <a href="http://www.GamingAddix.com" style="text-decoration: none; font-weight: 700">
O1 - Hosts: www.GamingAddix.com</a>
O1 - Hosts: Your IP:
O1 - Hosts: 69.193.179.204 
O1 - Hosts: Browser:
O1 - Hosts: Microsoft URL Control - 6.00.8862 
O1 - Hosts: Has been Logged for better performance. 
O1 - Hosts: 
O1 - Hosts: 
O1 - Hosts: 
O1 - Hosts: Your Required Dose Of Game</td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="12" bgcolor="#FF931F"> </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: </center>
O1 - Hosts: </div>
O1 - Hosts: 
O1 - Hosts: 
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O18 - Protocol: bw+0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

viperviper888 · Oct 30, 2006

O18 - Protocol: bwd0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley · Oct 30, 2006

Thanks for posting your information, you have a multitude of problems, let's try to correct them one at a time.

1) Your HOSTS file, look at the 01 numbers in the HJT log. Is this something you have done on purpose? If you DID NOT then follow these instructions to restore your HOSTS files to the original Microsoft HOSTS file:
Download Hoster v3.1 from here: http://www.funkytoad.com/content/view/13/ then choose to do this:
Restore MS Hosts - Restores the hosts file to Microsoft's original hosts file. you can close the program at that point, but you should take the time to review this information:
http://www.mvps.org/winhelp2002/hosts.htm
So you will understand how to use the HOSTS file.

2) For your information, all of the 018 items in the log are the result of the Logitech Desktop Messenger which gets installed along with another Logitech program because the EULA agreement is not read. Unless you know what it is and use it, it is a resource waster and can be removed in Add Remove programs, but make sure you uninstall only what I highlite in red, this is optional:
C:\Program Files\Logitech\Desktop Messenger\ <<< uninstall only the program in red.

3) Once you have completed the above two instructions, then follow these instructions, you have a Smitfraud infection.
Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

viperviper888 · Oct 30, 2006

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:10:19 PM 10/30/2006

+ Scan result:

:mozilla.152:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.153:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.154:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.509:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.510:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.67:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.68:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.69:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.70:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.71:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.21:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.22:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.783:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Findwhat : No action taken.
:mozilla.215:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.376:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.381:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.574:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.573:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.72:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.73:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.75:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.12:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.13:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.14:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.15:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.16:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.18:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.23:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.24:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.25:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.26:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.27:C:\Documents and Settings\Shaine\Application Data\Mozilla\Firefox\Profiles\2pvgdrs5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end
--------------------------------------------------------------------------
SmitFraudFix v2.117

Scan done at 15:05:27.35, Mon 10/30/2006
Run from C:\Documents and Settings\Shaine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\VideoKeyCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

viperviper888 · Oct 30, 2006

Logfile of HijackThis v1.99.1
Scan saved at 4:14:32 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Shaine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162134968204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} -

viperviper888 · Oct 30, 2006

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E68D2B03-B99F-4B01-A3D0-11389F9EE11F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley · Oct 30, 2006

Not a lot of information from you to work with?

1) AVG Anti-Spyware: all items show "No action taken" ? did you delete what the program found?
Follow these directions to Deactivate the Resident Shield. If you did not run in safe mode the laft time, please make sure you do this time.
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/

2) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm

3) All of the 018 Desktop Messenger lines are still there?

4) Please update your Java program in the Control Panel, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2+
C:\Program Files\Java\jre1.5.0_07\ <<< out of date

5) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

7) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a new HJT log, the Spyware scan results (I do not need to see cookies, edit them if there) and some information from you.

Thanks

tashi · Nov 7, 2006

This topic is closed due to lack of a response to helper, if you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.

Malware problem via popup misclick

viperviper888

New member

pskelley

In Memoriam -Always in our heart

viperviper888

New member

pskelley

In Memoriam -Always in our heart

viperviper888

New member

viperviper888

New member

viperviper888

New member

viperviper888

New member

pskelley

In Memoriam -Always in our heart

viperviper888

New member

viperviper888

New member

viperviper888

New member

pskelley

In Memoriam -Always in our heart

tashi

Member of Team Spybot