Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

3 EVIL ADWARES! Help please!

Started by Scrilla , Dec 07 2006 04:06 PM

Please log in to reply

#1
Scrilla

Posted 07 December 2006 - 04:06 PM

Member

Member
66 posts

I use F-Secure Antivirus Client security as my main AV now. After a full scan I clicked on the Clean Spyware button. It quarintined one item but just sat there forever on a registry entry. The report was as follows: (Please let me know any more info you may need on helping me removes these, thanks in advance)

[quote]
Adware.Agent (Data miner)

* REGKEY:HKCR\clsid\{4c611512-2c1d-44b2-a044-872ad2ad5a61}
REGKEY:HKLM\software\microsoft\windows\currentversion\uninsta[quote]ll\webwork

Adware.MMSAssist (Undefined)

* FILE:C:\WINDOWS\system32\std.ini
REGKEY:HKCR\clsid\{6671a432-5c3d-463d-a7cf-5587f9b7e191}
REGKEY:HKCR\interface\{74289a7a-e652-4a57-a6b9-ee64ad532a8d}
REGKEY:HKCR\clsid\{6671a431-5c3d-463d-a7cf-5587f9b7e191}
REGKEY:HKCR\interface\{74289a79-e652-4a57-a6b9-ee64ad532a8d}
REGKEY:HKCR\typelib\{077525ac-c681-4139-8c3e-b582bdd375c7}
REGKEY:HKLM\software\mmsassist
REGKEY:HKLM\software\microsoft\internet explorer\extensions\{6671a433-5c3d-463d-a7cf-5587f9b7e191}
REGKEY:HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6671a431-5c3d-463d-a7cf-5587f9b7e191}
REGKEY:HKLM\software\microsoft\windows\currentversion\uninstall\{6a512bf7-ec78-4e8d-9841-6c02e8fa9838}
REGKEY:HKCR\mmsbho.mmsassist
REGKEY:HKCR\mmsbho.mmsassist.1
REGKEY:HKCR\mmsbho.mmsassistmenu
REGKEY:HKCR\mmsbho.mmsassistmenu.1
REGVALUE:HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping\{6671A433-5C3D-463d-A7CF-5587F9B7E191}
REGKEY:HKU\.DEFAULT\software\microsoft\i

Adware.BHO(generic) (Undefined)

* FILE:C:\WINDOWS\system32\themeadp.nls
REGKEY:HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet account manager\accounts\bigfoot
Action: quarantined
[/quote]

The MMSAssist has been around FOREVER and it just won't give it... please help. I'm at my witts end.

#2
MFDnSC

Posted 07 December 2006 - 04:42 PM

Banned

Banned
1,137 posts

http://download.blee...aB/combofix.exe

DL this

Double click combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

#3
Scrilla

Posted 07 December 2006 - 05:30 PM

Member

Topic Starter
Member
66 posts

Really wierd. After trying to open ComboFix it kept coming to a blue dos screen and doing nothing, so i restarted. After restart... somehow my clock is now in military time (??) and the Combo Fix gave me an error about Symantec, I pressed Ignore and it gave the message Cannot load VDM IPX/SPX support. It also made all my icons on my desktop dissapear and they wont come back. What the heck? Gonna restart and try again.

PS: As far as I know I dont have any Symantec programs installed anymore.

Edited by Scrilla, 07 December 2006 - 05:41 PM.

#4
MFDnSC

Posted 07 December 2006 - 06:39 PM

Banned

Banned
1,137 posts

try it in safe mode

#5
Scrilla

Posted 07 December 2006 - 10:51 PM

Member

Topic Starter
Member
66 posts

Thanks for the help :whistling:

,

Same thing in safe mode... I attached a screen shot. Notice the clock and all icons gone?

Edit: Don't thing the attachments working.. error message read: Title::16 bit MS-DOS Subsystem "Combo Fix C:\PROGRA~1\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed Dll initialization. Choose 'Close' to terminate the application." I've tried system restore... and that fixes the clock and the desktop. Any ideas?

Edited by Scrilla, 07 December 2006 - 11:00 PM.

#6
MFDnSC

Posted 08 December 2006 - 10:07 AM

Banned

Banned
1,137 posts

Click here to download HJTsetup.exe:

http://www.thespykil...=tpmod;dl=item5
Scroll down to the download section

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

#7
Scrilla

Posted 08 December 2006 - 12:30 PM

Member

Topic Starter
Member
66 posts

Thanks for the response, I'd liek to mention after trying to run combofix last night my start bar kept having "busy" hourglass on mouseover. When i started my machine today i just tried clicking start over and over and it seems that problem is gone.... for now. Anyway, here are the results from the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:27:24 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\Smc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\BitTornado\btdownloadgui.exe
D:\Desktop Stuff\antihijack soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: >> ²ÊÐÅ·¢ËÍ << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖÃ - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: ¿áÈÈÓ°Òô - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150247875765
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: winyok - Unknown owner - C:\WINDOWS\TEMP\yok666\yok.exe (file missing)

Edited by Scrilla, 08 December 2006 - 12:34 PM.

#8
MFDnSC

Posted 08 December 2006 - 01:17 PM

Banned

Banned
1,137 posts

Add remove programs - remove logitech desktop messenger

======================
You have no active AntiVirus!

Get the free AVG 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft....eweb.php/doc/2/
==================================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.c...s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.

#9
Scrilla

Posted 08 December 2006 - 04:51 PM

Member

Topic Starter
Member
66 posts

I guess they updated SpySweeper since you wrote/obtained thoes instructions. Looks like things have been moved around, I found everything you were talking about but i'm a bit confused about "o Please UNCHECK Do not Sweep System Restore Folder." Do I want to sweep thoes files as well, its a bit unclear. I've run the Virus scan with no infections and in the process of runnig the sweep excluding system restore. Thanks for all your help.

#10
MFDnSC

Posted 08 December 2006 - 05:00 PM

Banned

Banned
1,137 posts

No you do not want to check the system restore

#11
Scrilla

Posted 08 December 2006 - 05:05 PM

Member

Topic Starter
Member
66 posts

Awesome thanks, scans been running for about an hour now should be done within 15 mins.

#12
Scrilla

Posted 08 December 2006 - 05:35 PM

Member

Topic Starter
Member
66 posts

Hope this is the report your asking for... it prompted me to restart to remove some of the items.

Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: Off
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:30 PM: Shield States
6:30 PM: Spyware Definitions: 817
6:30 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
6:29 PM: Spy Sweeper 5.2.3.2132 started
5:18 PM: | End of Session, Friday, December 08, 2006 |
5:15 PM: Your spyware definitions have been updated.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: Off
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:08 PM: Shield States
5:08 PM: Spyware Definitions: 804
5:08 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
5:07 PM: Spy Sweeper 5.2.3.2132 started
5:07 PM: Spy Sweeper 5.2.3.2132 started
5:07 PM: | Start of Session, Friday, December 08, 2006 |
********
6:26 PM: Removal process completed. Elapsed time 00:01:48
6:26 PM: Preparing to restart your computer. Please wait...
6:25 PM: Quarantining All Traces: zedo cookie
6:25 PM: Quarantining All Traces: yadro cookie
6:25 PM: Quarantining All Traces: burstbeacon cookie
6:25 PM: Quarantining All Traces: tripod cookie
6:25 PM: Quarantining All Traces: tribalfusion cookie
6:25 PM: Quarantining All Traces: trafficmp cookie
6:25 PM: Quarantining All Traces: tacoda cookie
6:25 PM: Quarantining All Traces: statcounter cookie
6:25 PM: Quarantining All Traces: serving-sys cookie
6:25 PM: Quarantining All Traces: rightmedia cookie
6:25 PM: Quarantining All Traces: revenue.net cookie
6:25 PM: Quarantining All Traces: realmedia cookie
6:25 PM: Quarantining All Traces: questionmarket cookie
6:25 PM: Quarantining All Traces: nextag cookie
6:25 PM: Quarantining All Traces: mygeek cookie
6:25 PM: Quarantining All Traces: webtrends cookie
6:25 PM: Quarantining All Traces: hypertracker.com cookie
6:25 PM: Quarantining All Traces: gamespy cookie
6:25 PM: Quarantining All Traces: overture cookie
6:25 PM: Quarantining All Traces: burstnet cookie
6:25 PM: Quarantining All Traces: bizrate cookie
6:25 PM: Quarantining All Traces: belnk cookie
6:25 PM: Quarantining All Traces: atwola cookie
6:25 PM: Quarantining All Traces: ask cookie
6:25 PM: Quarantining All Traces: adtech cookie
6:25 PM: Quarantining All Traces: adserver cookie
6:25 PM: Quarantining All Traces: adreactor cookie
6:25 PM: Quarantining All Traces: pointroll cookie
6:25 PM: Quarantining All Traces: adrevolver cookie
6:25 PM: Quarantining All Traces: adknowledge cookie
6:25 PM: Quarantining All Traces: yieldmanager cookie
6:25 PM: Quarantining All Traces: 2o7.net cookie
6:25 PM: Quarantining All Traces: ipinsight
6:25 PM: Quarantining All Traces: tvmedia
6:25 PM: Quarantining All Traces: seekseek
6:25 PM: Quarantining All Traces: drsnsrch.com hijack
6:25 PM: Quarantining All Traces: desktop toolbar common components
6:25 PM: Quarantining All Traces: mindset interactive - favoriteman
6:25 PM: C:\WINDOWS\system32\updstdup is in use. It will be removed on reboot.
6:25 PM: boran is in use. It will be removed on reboot.
6:24 PM: Quarantining All Traces: boran
6:24 PM: Quarantining All Traces: winad
6:24 PM: Quarantining All Traces: directrevenue-abetterinternet
6:24 PM: Quarantining All Traces: cws-aboutblank
6:24 PM: Quarantining All Traces: websearch toolbar
6:24 PM: Removal process initiated
6:24 PM: Traces Found: 1338
6:24 PM: Custom Sweep has completed. Elapsed time 01:06:12
6:24 PM: File Sweep Complete, Elapsed Time: 01:03:08
Not enough storage is available to process this command
6:23 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Access is denied
6:23 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
6:21 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
6:14 PM: Warning: Failed to access drive F:
6:14 PM: Warning: Failed to access drive E:
6:10 PM: Warning: Failed to open file "d:\program files\dap\history\trey hudson\_lasthist.dat". The operation completed successfully
5:47 PM: BHO Shield: found: -- BHO installation denied at user request
5:47 PM: BHO Shield: found: -- BHO installation denied at user request
5:45 PM: C:\WINDOWS\inf\polall1r.inf (ID = 83425)
5:45 PM: Found Adware: directrevenue-abetterinternet
5:45 PM: C:\WINDOWS\inf\conscorr.inf (ID = 64277)
5:45 PM: Found Adware: ipinsight
5:45 PM: c:\windows\downloaded program files\winadx.inf (ID = 365853)
5:45 PM: C:\Documents and Settings\Trey Hudson\Application Data\tvmcwrd.dll (ID = 81712)
5:45 PM: c:\windows\downloaded program files\atpartners.inf (ID = 362384)
5:45 PM: Found Adware: mindset interactive - favoriteman
5:43 PM: C:\Documents and Settings\Trey Hudson\Application Data\tvmuknwrd.dll (ID = 81759)
5:43 PM: Found Adware: tvmedia
5:42 PM: Warning: Failed to open file "c:\documents and settings\trey hudson\application data\mozilla\firefox\profiles\default.8am\parent.lock". The operation completed successfully
5:41 PM: C:\WINDOWS\system32\DELETE (ID = 337455)
5:41 PM: C:\WINDOWS\Temp\exupstd\setup.exe (ID = 341665)
5:41 PM: C:\WINDOWS\Temp\theme.nls (ID = 337451)
5:21 PM: C:\WINDOWS\system32\updstdup (1 subtraces) (ID = 2147526734)
5:21 PM: C:\WINDOWS\system32\stdcache (1246 subtraces) (ID = 2147526733)
5:21 PM: C:\WINDOWS\Temp\stdpatch (ID = 2147526735)
5:21 PM: C:\WINDOWS\Temp\inspst (ID = 2147526971)
5:21 PM: C:\WINDOWS\webwork (1 subtraces) (ID = 2147527141)
5:21 PM: C:\Program Files\Common Files\Slmss (1 subtraces) (ID = 2147485759)
5:21 PM: Found Adware: seekseek
5:21 PM: C:\WINDOWS\Temp\insmms5 (1 subtraces) (ID = 2147526737)
5:21 PM: C:\WINDOWS\system32\updstdex (1 subtraces) (ID = 2147526736)
5:21 PM: C:\WINDOWS\system32\exuppsh (1 subtraces) (ID = 2147531781)
5:21 PM: C:\WINDOWS\system32\updadini (2 subtraces) (ID = 2147526964)
5:21 PM: C:\WINDOWS\system32\stdcache\814 (3 subtraces) (ID = 2147527381)
5:21 PM: Starting File Sweep
5:21 PM: Warning: Failed to access drive A:
5:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@zedo[2].txt (ID = 3762)
5:21 PM: Found Spy Cookie: zedo cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@yadro[1].txt (ID = 3743)
5:21 PM: Found Spy Cookie: yadro cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2337)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2335)
5:21 PM: Found Spy Cookie: burstbeacon cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2309)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@tripod[1].txt (ID = 3591)
5:21 PM: Found Spy Cookie: tripod cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@tribalfusion[2].txt (ID = 3589)
5:21 PM: Found Spy Cookie: tribalfusion cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@trafficmp[1].txt (ID = 3581)
5:21 PM: Found Spy Cookie: trafficmp cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@tacoda[1].txt (ID = 6444)
5:21 PM: Found Spy Cookie: tacoda cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@statcounter[1].txt (ID = 3447)
5:21 PM: Found Spy Cookie: statcounter cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@serving-sys[2].txt (ID = 3343)
5:21 PM: Found Spy Cookie: serving-sys cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@rightmedia[2].txt (ID = 3259)
5:21 PM: Found Spy Cookie: rightmedia cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@revenue[1].txt (ID = 3257)
5:21 PM: Found Spy Cookie: revenue.net cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@realmedia[2].txt (ID = 3235)
5:21 PM: Found Spy Cookie: realmedia cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@questionmarket[1].txt (ID = 3217)
5:21 PM: Found Spy Cookie: questionmarket cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3106)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 1958)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@overture[1].txt (ID = 3105)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 1958)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@nextag[1].txt (ID = 5014)
5:21 PM: Found Spy Cookie: nextag cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@mygeek[1].txt (ID = 3041)
5:21 PM: Found Spy Cookie: mygeek cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2309)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 1958)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3669)
5:21 PM: Found Spy Cookie: webtrends cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@hypertracker[1].txt (ID = 2817)
5:21 PM: Found Spy Cookie: hypertracker.com cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@gamespy[1].txt (ID = 2719)
5:21 PM: Found Spy Cookie: gamespy cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][2].txt (ID = 2293)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3106)
5:21 PM: Found Spy Cookie: overture cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@burstnet[2].txt (ID = 2336)
5:21 PM: Found Spy Cookie: burstnet cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@bizrate[2].txt (ID = 2308)
5:21 PM: Found Spy Cookie: bizrate cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@belnk[1].txt (ID = 2292)
5:21 PM: Found Spy Cookie: belnk cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@atwola[2].txt (ID = 2255)
5:21 PM: Found Spy Cookie: atwola cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@ask[1].txt (ID = 2245)
5:21 PM: Found Spy Cookie: ask cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adtech[2].txt (ID = 2155)
5:21 PM: Found Spy Cookie: adtech cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adserver[1].txt (ID = 2141)
5:21 PM: Found Spy Cookie: adserver cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2087)
5:21 PM: Found Spy Cookie: adreactor cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3148)
5:21 PM: Found Spy Cookie: pointroll cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adrevolver[4].txt (ID = 2088)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adrevolver[2].txt (ID = 2088)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adrevolver[1].txt (ID = 2088)
5:21 PM: Found Spy Cookie: adrevolver cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adknowledge[2].txt (ID = 2072)
5:21 PM: Found Spy Cookie: adknowledge cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][2].txt (ID = 3751)
5:21 PM: Found Spy Cookie: yieldmanager cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@2o7[1].txt (ID = 1957)
5:21 PM: Found Spy Cookie: 2o7.net cookie
5:21 PM: Starting Cookie Sweep
5:21 PM: Registry Sweep Complete, Elapsed Time:00:00:27
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:21 PM: Found Adware: drsnsrch.com hijack
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\dsktb\ (ID = 128171)
5:21 PM: Found Adware: desktop toolbar common components
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
5:21 PM: Found Adware: cws-aboutblank
5:20 PM: HKLM\software\mmsassist\ || pid (ID = 1602524)
5:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_albus\ (ID = 1602261)
5:20 PM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || webwork (ID = 1601445)
5:20 PM: HKLM\software\mmsassist\ || mmsassist (ID = 1581241)
5:20 PM: HKLM\system\currentcontrolset\services\albus\ (ID = 1581088)
5:20 PM: HKLM\software\mmsassist\up\ (ID = 1580943)
5:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webwork\ (ID = 1580935)
5:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\vision communicate\ || uninstallstring (ID = 1580934)
5:20 PM: HKLM\software\classes\clsid\{4c611512-2c1d-44b2-a044-872ad2ad5a61}\ (ID = 1580916)
5:20 PM: HKCR\clsid\{4c611512-2c1d-44b2-a044-872ad2ad5a61}\ (ID = 1580898)
5:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\vision communicate\ || displayname (ID = 1541655)
5:20 PM: Found Adware: boran
5:20 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadx.dll\ (ID = 147198)
5:20 PM: Found Adware: winad
5:20 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow_as2.dll\ (ID = 146482)
5:20 PM: Found Adware: websearch toolbar
5:20 PM: Starting Registry Sweep
5:20 PM: Memory Sweep Complete, Elapsed Time: 00:02:27
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: Starting Memory Sweep
5:18 PM: Start Custom Sweep
5:18 PM: Sweep initiated using definitions version 817
5:18 PM: Spy Sweeper 5.2.3.2132 started
5:18 PM: | Start of Session, Friday, December 08, 2006 |
********

----Spysweeper keeps telling me EXPLORER.EXE is attempting to install a browser add-on.

And the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:53 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Desktop Stuff\antihijack soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CursorXP] "D:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: >> ²ÊÐÅ·¢ËÍ << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖÃ - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: ¿áÈÈÓ°Òô - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150247875765
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: winyok - Unknown owner - C:\WINDOWS\TEMP\yok666\yok.exe (file missing)

#13
MFDnSC

Posted 08 December 2006 - 05:45 PM

Banned

Banned
1,137 posts

Add remove programs – remove Logitech desktop messenger!
=============================================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll

O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 –k

O8 - Extra context menu item: >> ²ÊÐÅ·¢ËÍ << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm

O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm

O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll

O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖÃ - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll

O9 - Extra button: ¿áÈÈÓ°Òô - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)

O23 - Service: winyok - Unknown owner - C:\WINDOWS\TEMP\yok666\yok.exe (file missing)
============================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

winyok

Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

C:\PROGRA~1\vision
C:\PROGRA~1\MMSASS~1

DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#14
Scrilla

Posted 08 December 2006 - 06:54 PM

Member

Topic Starter
Member
66 posts

Thanks again for your help, followed your instructions and...

Killbox Results:
C:\PROGRA~1\vision--Cannot Delete This File
C:\PROGRA~1\MMSASS~1--File does not exist

Only file remaining in C:\DOCUME~1\TREYHU~1\LOCALS~1\Temp (%temp%)
is~DF5A79. C:\Windows\Temp was fully deleted.

HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:53:39 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Desktop Stuff\antihijack soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CursorXP] "D:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150247875765
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#15
MFDnSC

Posted 08 December 2006 - 07:14 PM

Banned

Banned
1,137 posts

Really want to get combo to run

Fix this entry

O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
===============================

http://support.micro...?...US;q254914

if no joy

- http://www.visualtour.com/downloads/

Scroll down to get XP Fix

Now try combo again