1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: safetyhomepage.com

Discussion in 'Virus & Other Malware Removal' started by Kevin Pooley, Aug 11, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    My PC (P IV, 3 Gig, Windows XP) has been hijacked by safetyhomepage.com as a result of me clicking to accept a dodgy codec update. Does anyone have any useful suggestions?
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    Thanks for such a quick response:

    Logfile of HijackThis v1.99.1
    Scan saved at 04:23:01, on 12/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IntCodec\isamonitor.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\IntCodec\isamini.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\StarOffice7\program\soffice.exe
    C:\WINDOWS\system32\dlbtcoms.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
    O4 - Startup: desktop(2).ini
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120233072906
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: bw+0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs - remove logitech desktop messenger
    ==============================================
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  5. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    SmitFraudFix v2.81

    Scan done at 12:30:54.84, 13/08/2006
    Run from C:\Documents and Settings\Kevin Pooley\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    C:\Program Files\IntCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End




    Logfile of HijackThis v1.99.1
    Scan saved at 12:47:37, on 13/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\StarOffice7\program\soffice.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
    O4 - Startup: desktop(2).ini
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120233072906
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: bw+0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {FFB94DA4-93F6-4D4F-AB67-C53D6FFFB905} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    It appears you did not remove Logitech Desktop Messenger - Please do that as it has created all of those O18 entries in error.
     
  7. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    My mistake, new log below:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:03:31, on 13/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\StarOffice7\program\soffice.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
    O4 - Startup: desktop(2).ini
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120233072906
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Clickon scanner
    · then select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Select "Automatically generate report after every scan"
    · Un-Select "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  9. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:12:20 15/08/2006

    + Scan result:



    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][3].txt -> TrackingCookie.2o7 : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Ad-logics : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][4].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Adviva : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][3].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Mummy\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][3].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Clickbank : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Clickzs : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Commission-junction : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Counted : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Counted : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Directnetadvertising : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Mummy\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Euniverseads : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Findwhat : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Gator : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Gator : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected]r2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Internetfuel : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Linksynergy : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Paycounter : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Qksrv : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Qksrv : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Mummy\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Sexlist : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Sexlist : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sexlist : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Specificpop : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Spinbox : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Spylog : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Spylog : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Spylog : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Targetnet : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Targetnet : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Valuead : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Valuead : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][3].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Weborama : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][1].txt -> TrackingCookie.Xxxcounter : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected]nager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Kevin Pooley\Cookies\kevin [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Emma\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
    G:\WINDOWS\Cookies\kevin [email protected][2].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end


    HiJack This log to follow
     
  10. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    Logfile of HijackThis v1.99.1
    Scan saved at 15:21:12, on 15/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\StarOffice7\program\soffice.exe
    C:\WINDOWS\system32\dlbtcoms.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
    O4 - Startup: desktop(2).ini
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120233072906
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    ===============

    Clean [​IMG] - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

    Restore points
    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  12. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    It might very well be working perfectly, but as Logitech cordless mouse and keyboard have both died, I can't tell! Windows presents me with the account screen, and I'm then stumped. I assume that this problem is quite unconnected with the above. Surely there isn't any link between the two, is there?
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I told you to remove ONLY the logitech desktop messenger - if you removed more that would cause the problem - re-install the Logitech software
     
  14. Kevin Pooley

    Kevin Pooley Thread Starter

    Joined:
    Aug 11, 2006
    Messages:
    9
    The mouse and keyboard both continued to work perfectly for several days after I removed the Logitech software, so is it likely that this is the problem? If it is, how do I go about reinstalling the software with the mouse and keyboard not functioning?
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Then the problem is elsewhere and could be motherboard releated

    Checked the batteries and checked the receiver
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/491495

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice