HiJackThis Log Please...

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.
C

Codemaster

Thread Starter
Joined
May 5, 2001
Messages
529
Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 3:49:14 PM, on 6/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\runservice.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\vidctrl\vidctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner\n20050308.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1289/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} - http://www.cantoche.com/Player/V12/LAinstall.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2D} (KIDInstaller Class) - http://www.kidnetic.com/cantoche/download/busyinstall.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: bw+0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\nwtplwiz.dll
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


Thanks again...
 
flavallee

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
85,085
Uninstall Logitech Desktop Messenger, then delete its folder from the C:\Program Files\Logitech folder - if it's still there. Don't delete the Logitech folder!

----------------------------------------------------------------

Download and install Ad-Aware SE Personal 1.06 and Spybot - Search & Destroy 1.4 from the spyware tools section at www.majorgeeks.com. Once they're installed, run their update function and install any new updates that appear. Once they're up-to-date, run as full system scan with Ad-Aware, select and delete everything it finds, run a scan with Spybot, then select and delete everything in red it finds. Reboot afterwards.

Run another scan with HijackThis, then post a new log here.

----------------------------------------------------------------
 
C

Codemaster

Thread Starter
Joined
May 5, 2001
Messages
529
That is the scan after I've run all of those scans, but I'll post another anyways.
 
C

Codemaster

Thread Starter
Joined
May 5, 2001
Messages
529
I cannot uninstall desktop messenger, but I did delete the Messenger folder.

Logfile of HijackThis v1.99.1
Scan saved at 7:38:06 PM, on 6/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\runservice.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\vidctrl\vidctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\sder\dees.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner\n20050308.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Eoku] C:\WINNT\System32\??stem32\rundll.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1289/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} - http://www.cantoche.com/Player/V12/LAinstall.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2D} (KIDInstaller Class) - http://www.kidnetic.com/cantoche/download/busyinstall.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: bw+0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {48F752BD-7C35-42E1-9CA3-E6ED9B3E05C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\nwtplwiz.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
 
flavallee

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
85,085
You deleted the Desktop Messenger folder from the C:\Program Files\Logitech folder and NOT the Messenger folder from the C:\Program Files folder, right?

If you made a mistake and deleted the wrong folder, go into the Recycle Bin, click on and highlight it, then click File - Restore.

----------------------------------------------------------------

Run another scan with HijackThis, place a checkmark in ALL the O18 entries, then click "Fix Checked".

----------------------------------------------------------------

Run another scan afterwards and post a new log here.

----------------------------------------------------------------
 
C

Codemaster

Thread Starter
Joined
May 5, 2001
Messages
529
Logfile of HijackThis v1.99.1
Scan saved at 7:01:45 AM, on 6/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\runservice.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\vidctrl\vidctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\msiexec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINNT\System32\??stem32\rundll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\HPZipm12.exe
\?\C:\WINNT\system32\WBEM\WMIADAP.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner\n20050308.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Eoku] C:\WINNT\System32\??stem32\rundll.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1289/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} - http://www.cantoche.com/Player/V12/LAinstall.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2D} (KIDInstaller Class) - http://www.kidnetic.com/cantoche/download/busyinstall.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: policies - C:\WINNT\system32\nwtplwiz.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

ty
 
flavallee

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
85,085
This entry appears to be a problem:

O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner\n20050308.EXE

Read here.

----------------------------------------------------------------

This entry appears to be a problem:

O4 - HKCU\..\Run: [Eoku] C:\WINNT\System32\??stem32\rundll.exe

but I can't confirm it.

----------------------------------------------------------------

Some of the other O4 entries also look suspicious to me, but I can't confirm that.

You're going to need some help from someone more experienced than me.

----------------------------------------------------------------

Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Write down everything in the leftmost column with a checkmark next to it, then post the list here. Make sure to write them down here exactly as you see them. Post the list in a vertical column because it makes it easier to read and decipher.

----------------------------------------------------------------
 
cybertech

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner\n20050308.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [Eoku] C:\WINNT\System32\??stem32\rundll.exe
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4...23/cpbrkpie.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...are/install.cab
O20 - Winlogon Notify: policies - C:\WINNT\system32\nwtplwiz.dll

Close all applications and browser windows before you click "fix checked".

Restart in safe mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

Delete this file:
C:\WINNT\ttupt.exe
C:\Documents and Settings\Owner\n20050308.EXE

Delete this folder:
C:\WINNT\System32\vidctrl

Reboot.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
 
flavallee

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
85,085
CyberTech:

Thanks for jumping in to assist.

CodeMaster:

You can post that MSCONFIG "Startup" list after you follow CyberTech's instructions. It'll likely show some additional entries that are not in the O4 list.
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Total: 341 (members: 7, guests: 334)
Top