Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Paypopup is being a nuisance!

Started by ZZZZAP , Nov 20 2006 08:37 PM

  • Please log in to reply

#1
ZZZZAP
Posted 20 November 2006 - 08:37 PM

ZZZZAP

    Member

  • Member
  • PipPip
  • 13 posts
I'm posting this HJT log for my buddy's PC. I cleaned alot of stuff up w/ Adaware and Spybot S&D, but neither one is cleaning something called "CommandService" and he keeps getting various popups. Here's the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:37:40 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\xirrfcdA.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Owner\Desktop\Malware stuff\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eeinstall] C:\Documents and Settings\Owner\Shared\guildwars access key.exe /reboot
O4 - HKLM\..\Run: [xirrfcdA] C:\WINDOWS\xirrfcdA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bw+0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {62841F19-F839-4327-BEA1-E7D0E4212FDD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {65BD126C-9E4B-4371-911F-EE85CA17D52B} - (no file)
O20 - AppInit_DLLs: dhalgooo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
  • 0

Advertisements

#2
MFDnSC
Posted 21 November 2006 - 10:16 AM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You have no active AntiVirus!

Get the free AVG 7 install it, check for updates and run a full scan

AVG 7 - http://free.grisoft....eweb.php/doc/2/
======================

Add remove programs - remove logitech desktop messenger

==========================

Please download and unzip Ren-cmdservice to your desktop.
It will only work if the folder is placed on your desktop and extracted.
http://downloads.sub...-cmdservice.zip
Open the ren-cmdservice then doubleclick the ren-cmdservice.bat file to run the program.
A text will open when it is finished, Post it please.
===========================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
  • 0

#3
ZZZZAP
Posted 21 November 2006 - 08:00 PM

ZZZZAP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here's the AVG log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:00:04 PM 11/21/2006

+ Scan result:



C:\Documents and Settings\Owner\Local Settings\Temp\Tspd.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP83\A0015346.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP82\A0015154.exe -> Adware.Bagon : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\7hpxmq45.exe -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\fgw9wf2a.exe -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\jyo8239d.exe -> Adware.DriveCleaner : No action taken.
HKU\S-1-5-21-3429142003-321657340-333026666-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP69\A0012701.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP75\A0014483.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\ra8pv.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32fufudc.exe -> Adware.SearchAssistant : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP82\A0015149.dll -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\kcnzrop6.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\mnopdb.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\EHMR0ZUF\045[1].htm -> Downloader.Agent.au : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\EHMR0ZUF\096[1].htm -> Downloader.Agent.au : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\T6BYO76Z\045[1].htm -> Downloader.Agent.au : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\XO9QEJWU\096[1].htm -> Downloader.Agent.au : No action taken.
C:\WINDOWS\system32\crunner\cupdater.exe -> Downloader.Agent.c : No action taken.
C:\Program Files\Common Files\qwoi\qwoid\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\163.exe -> Downloader.Zlob.avo : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP74\A0014304.exe -> Dropper.Agent.mu : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP82\A0015161.exe -> Hijacker.Small : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ELYL0ZWR\v13trp[1].htm -> Hijacker.Small.jf : No action taken.
C:\Program Files\Messenger\howynyk.html -> Hijacker.Small.jf : No action taken.
C:\Program Files\Online Services\kyzeq.html -> Hijacker.Small.jf : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0H67SHE7\v13trp[1].htm -> Hijacker.Small.jf : No action taken.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.527:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.612:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.731:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.860:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Adtrak : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adtrak : No action taken.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.923:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.924:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\WINDOWS\Temp\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt -> TrackingCookie.Enhance : No action taken.
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.300:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.734:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.735:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.736:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.737:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.738:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.739:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.740:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.603:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.604:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.605:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.614:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Overture : No action taken.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Paypopup : No action taken.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Paypopup : No action taken.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.640:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.641:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.648:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.649:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.650:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.778:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.780:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.781:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : No action taken.
:mozilla.745:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.746:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.747:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.748:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.749:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.366:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.367:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Starware : No action taken.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.794:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.795:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.796:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.919:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.920:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.804:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.805:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.806:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.807:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.808:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.809:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.810:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.811:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.812:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.813:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.673:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.674:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.675:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.676:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.677:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.837:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.838:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.839:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.840:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@webstat[1].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : No action taken.
:mozilla.915:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmrep64w.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP55\A0010793.exe -> Trojan.Runner.j : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP68\A0012598.exe -> Trojan.Runner.j : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP68\A0012662.exe -> Trojan.Runner.j : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP69\A0012685.exe -> Trojan.Runner.j : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP69\A0012745.exe -> Trojan.Runner.j : No action taken.
C:\WINDOWS\system32\ewxcksr.exe -> Trojan.Runner.j : No action taken.


::Report end



Here is the ren-cmdservice log:

Running from C:\Documents and Settings\Owner\Desktop\ren-cmdservice\ren-cmdservice
No Image Path Listed in Registry

-----------------
Deleting cmdservice key
cmdservice key deleted
..
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
Finised, Post this text then
Please Restart your PC
ren-cmdservice.bat edited 6-25-2006
-----------------


And finally the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:00:57 PM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\mnybbsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Malware stuff\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eeinstall] C:\Documents and Settings\Owner\Shared\guildwars access key.exe /reboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Filter: text/html - {65BD126C-9E4B-4371-911F-EE85CA17D52B} - (no file)
O20 - AppInit_DLLs: dhalgooo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
  • 0

#4
MFDnSC
Posted 21 November 2006 - 08:12 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZN

O18 - Filter: text/html - {65BD126C-9E4B-4371-911F-EE85CA17D52B} - (no file)

O20 - AppInit_DLLs: dhalgooo.dll

DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\dhalgooo.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP