
AVG and Emails



#16
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Try to update it. If you can't, go through the validation process and tell me what it says.
  • 0



#17
dishmunky


    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Got it now! I found it off of download.com; the one you gave me tried to give me SP2 because it screwed up last time I tried.

New Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:46:09 PM, on 5/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kathleen.GALLANT-MKYE1XJ\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\svgnimz.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [mstxega] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [tsbrxpq] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [lrateun] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [isctxdu] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [ucivrdm] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [qshoxwi] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [fdelwwp] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [mnvaxov] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xbpjdny] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [dsbsykt] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [sfngdtc] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [asqldsg] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [lefxlqd] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [muputft] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [iskkylw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [efneoja] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xfxyttq] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [wyxlqdc] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [tuppgqk] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [mahpcny] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [rukeflb] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [crjisqv] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [povdfhr] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xutknaq] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [tybhwqx] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [wjnnvom] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [utgukqg] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [ewmgbsm] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [atbwtci] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [uvijuck] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [hxyhpir] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xwwoswj] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xyunlca] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [yshlcnr] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [mcmgsvb] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [dwrujpv] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [rmhvega] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [yjdbcai] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [oldovfl] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [pwolnqs] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [flquubb] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [vibctcs] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [fappdwi] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [enmllcj] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [smjuspw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [cgfkvpe] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [rkggpcy] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [ltyfxbh] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [dtadtkw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [nkhbmdc] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [qknekvw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [crnujre] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [ngpqwdj] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [iwkinos] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [mgouhao] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [llifktn] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [fipldht] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [ueksafu] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [sllepvu] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [tekomsy] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [qlpvvle] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [ydlmsvk] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [pxdtept] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [vgvhadf] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [hwuxack] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [onbbnjy] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [icpunxu] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [lkntkcl] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [gyqqgjv] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [ilerplu] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [vjsxkqa] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [ctaiqlj] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [vnrglbg] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [nlknqoc] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [twqeauf] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [kwbjilx] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [sorjhoc] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [kicwpsu] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [smximte] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [apffoac] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [gixkdnl] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [etnrxmo] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [ejdltam] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qmywphv] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [djstegc] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [bjbgnjt] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [wnfjmjd] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qcavmlp] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [vtvngbj] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [isxudjp] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [fdnobae] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [upvisbw] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [eeqjygy] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [cyfcvsm] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qlvmwrt] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [hptlylw] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [gbjtqtx] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qvpbkgw] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [phlowan] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [dirasoo] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [rfkhyts] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [bapwnvt] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [suhaebx] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [peikfbc] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [nhhlifr] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [jpmucja] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [aviavds] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [xgynhlq] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [plskhhr] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [octuuck] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [lpvgasg] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [qafjldp] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ccmtsvw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wybwmjf] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [huqdnlt] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ejnuamw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wdclpgw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [usqnuiw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [spgyhqv] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [rpklbsh] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ssvubtd] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [qcidciu] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [rdxooud] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [rhnyfyj] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [pgsquto] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [kjntria] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wepuknl] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [lqmeupl] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [irgtsau] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ylbvqag] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [pvsmgxr] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [hrtlnfm] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [qrnpcqa] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50033782-246E-4CF3-ADC4-EF663F9F1209}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C00CB7D-47D6-466D-BC96-2EE0CCAAA88B}: NameServer = 69.50.176.156,195.225.176.31
O18 - Protocol: bw+0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0
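The log in post #17 has many HKCU Run values with different names that all launch the same file, and those are among the entries the fix list in post #18 selects. As an added example (not from the thread or from HijackThis itself), this Python code groups O4 Run lines by target executable and lists the targets shared by several value names; the sample log, the threshold of 3 and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 1.99.1 layout; every name and path is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example Vendor\tray.exe" -atboottime
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example Vendor\update.exe /STARTUP
O4 - HKCU\..\Run: [aaaaaaa] c:\windows\sample01.exe
O4 - HKCU\..\Run: [bbbbbbb] c:\windows\sample01.exe
O4 - HKCU\..\Run: [ccccccc] C:\WINDOWS\sample01.exe
O4 - HKCU\..\Run: [ddddddd] c:\windows\sample02.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example Vendor\mgr.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def executable_of(cmd):
    """Return the lower-cased program path from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: take everything up to the closing quote.
        end = cmd.find('"', 1)
        return cmd[1:end if end != -1 else None].lower()
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]).lower()


def run_entries(log_text):
    """Yield (line, value_name, executable) for each O4 registry Run line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            yield line, m.group("name"), executable_of(m.group("cmd"))


def shared_targets(log_text, threshold=3):
    """Map each executable launched by >= threshold distinct Run value
    names to the sorted list of those names (case-insensitive on path)."""
    names = defaultdict(set)
    for _, name, exe in run_entries(log_text):
        names[exe].add(name)
    return {exe: sorted(n) for exe, n in sorted(names.items())
            if len(n) >= threshold}


def lines_to_review(log_text, threshold=3):
    """Return the original log lines whose target is a shared executable."""
    flagged = shared_targets(log_text, threshold)
    return [line for line, _, exe in run_entries(log_text) if exe in flagged]


if __name__ == "__main__":
    for exe, names in shared_targets(SAMPLE_LOG).items():
        print(f"{len(names):3d} Run values -> {exe}")
    for line in lines_to_review(SAMPLE_LOG):
        print("review:", line)
```

A shared target is a lead for manual review, not a verdict; entries that appear only once in a log, like several on the fix list here, still have to be judged individually.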

#18
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* Download and install CCleaner
Do not use it yet.

* Please download ewido:
http://www.ewido.net/en/download/
Let it update, but don't let it scan yet!!

* It's better to print these instructions out, because you have a lot of steps to take; that way you have a better overview of them, and this page won't be available all the time. It's also really important that you perform everything in the right order.

* Please reboot your system into SAFE MODE.
° To get into the Windows XP Safe Mode, press and hold your "F8 Key" as the computer is booting, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, click Scan, and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\svgnimz.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe

O4 - HKCU\..\Run: [mstxega] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [tsbrxpq] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [lrateun] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [isctxdu] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [ucivrdm] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [qshoxwi] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [fdelwwp] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [mnvaxov] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xbpjdny] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [dsbsykt] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [sfngdtc] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [asqldsg] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [lefxlqd] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [muputft] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [iskkylw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [efneoja] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xfxyttq] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [wyxlqdc] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [tuppgqk] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [mahpcny] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [rukeflb] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [crjisqv] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [povdfhr] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xutknaq] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [tybhwqx] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [wjnnvom] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [utgukqg] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [ewmgbsm] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [atbwtci] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [uvijuck] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [hxyhpir] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xwwoswj] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [xyunlca] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [yshlcnr] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [mcmgsvb] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [dwrujpv] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [rmhvega] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [yjdbcai] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [oldovfl] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [pwolnqs] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [flquubb] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [vibctcs] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [fappdwi] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [enmllcj] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [smjuspw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [cgfkvpe] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [rkggpcy] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [ltyfxbh] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [dtadtkw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [nkhbmdc] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [qknekvw] c:\windows\ybsvjom.exe
O4 - HKCU\..\Run: [crnujre] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [ngpqwdj] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [iwkinos] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [mgouhao] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [llifktn] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [fipldht] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [ueksafu] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [sllepvu] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [tekomsy] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [qlpvvle] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [ydlmsvk] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [pxdtept] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [vgvhadf] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [hwuxack] c:\windows\xdpajts.exe
O4 - HKCU\..\Run: [onbbnjy] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [icpunxu] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [lkntkcl] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [gyqqgjv] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [ilerplu] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [vjsxkqa] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [ctaiqlj] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [vnrglbg] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [nlknqoc] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [twqeauf] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [kwbjilx] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [sorjhoc] c:\windows\gvmmamc.exe
O4 - HKCU\..\Run: [kicwpsu] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [smximte] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [apffoac] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [gixkdnl] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [etnrxmo] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [ejdltam] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qmywphv] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [djstegc] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [bjbgnjt] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [wnfjmjd] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qcavmlp] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [vtvngbj] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [isxudjp] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [fdnobae] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [upvisbw] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [eeqjygy] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [cyfcvsm] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qlvmwrt] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [hptlylw] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [gbjtqtx] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [qvpbkgw] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [phlowan] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [dirasoo] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [rfkhyts] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [bapwnvt] c:\windows\norkcdi.exe
O4 - HKCU\..\Run: [suhaebx] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [peikfbc] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [nhhlifr] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [jpmucja] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [aviavds] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [xgynhlq] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [plskhhr] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [octuuck] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [lpvgasg] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [qafjldp] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ccmtsvw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wybwmjf] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [huqdnlt] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ejnuamw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wdclpgw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [usqnuiw] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [spgyhqv] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [rpklbsh] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ssvubtd] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [qcidciu] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [rdxooud] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [rhnyfyj] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [pgsquto] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [kjntria] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wepuknl] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [lqmeupl] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [irgtsau] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [ylbvqag] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [pvsmgxr] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [hrtlnfm] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [qrnpcqa] c:\windows\rcijjoy.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 81.222.131.59 (HKLM)


O18 - Protocol: bw+0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

* Close all open windows except HijackThis and click 'Fix Checked'.


* Navigate to and delete the following files if present:

c:\windows\ybsvjom.exe
c:\windows\xdpajts.exe
c:\windows\gvmmamc.exe
c:\windows\norkcdi.exe
c:\windows\rcijjoy.exe


* Start AboutBuster and let it scan. Click OK/Yes for every instruction that AboutBuster gives you.
Let it scan a second time to make sure it can get rid of everything.
When finished, click 'Save Log'.

* Start CWShredder and click FIX.

* Double-click the HSfix file you downloaded earlier, which is on your desktop, and when it asks you if you want to add the contents to the registry, click Yes/OK.

* Start CCleaner and click Run Cleaner.

* Still in safe mode, perform a full scan with ewido and let it delete everything it finds!
When done, you'll get the option to make a log and save it.
So save it because I'll need it later.

* Go to Start > Control Panel > Internet Options > Programs tab and click restore websettings.

* Reboot your PC back to normal.

* Post a new HijackThis log + AboutBuster log + ewido log.

#19
dishmunky

Hi,
You didn't give me a link for AboutBuster...

Also, I don't know how to scan with ewido, but I'm updating it now.

All those .exe files were not in my hijack this log when in safe mode, but I deleted a few of them...

And yes, AVG is still sending e-mails.

Thanks

#20
coachwife6

About Buster

#21
dishmunky

Hi!

New HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:51:21 PM, on 5/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kathleen.GALLANT-MKYE1XJ\My Documents\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0249969D-32FB-4F9F-A921-FD4DE37583EF}: NameServer = 69.50.176.156 195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{50033782-246E-4CF3-ADC4-EF663F9F1209}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C00CB7D-47D6-466D-BC96-2EE0CCAAA88B}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0249969D-32FB-4F9F-A921-FD4DE37583EF}: NameServer = 69.50.176.156 195.225.176.31
O18 - Protocol: bw+0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


About:Buster Log:

Scanned at: 7:53:13 PM on: 5/28/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

ewido log will be posted later on tonight, going to take a while!

Thanks!
  • 0

#22
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Check all those O18s (Logitech) in HijackThis.

Reboot into safe mode and get rid of this file.

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Reboot and post a new log.
  • 0

#23
dishmunky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:31:13 PM, 5/28/2005
+ Report-Checksum: 74AFB487

+ Date of database: 5/28/2005
+ Version of scan engine: v3.0

+ Duration: 32 min
+ Scanned Files: 78719
+ Speed: 39.95 Files/Second
+ Infected files: 7
+ Removed files: 7
+ Files put in quarantine: 7
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\Documents and Settings
C:\host-news
C:\kb
C:\Program Files
C:\System Volume Information
C:\WINDOWS

+ Scan result:
C:\Documents and Settings\Kathleen.GALLANT-MKYE1XJ\Local Settings\Temporary Internet Files\Content.IE5\DWS7THS1\latest[1].exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\Program Files\Uninstall My Web Search.dll -> Spyware.MyWebSearch -> Cleaned with backup
C:\WINDOWS\system32\cssrs.exe -> TrojanSpy.PdPinch -> Cleaned with backup
C:\WINDOWS\system32\latest.exe -> TrojanProxy.Lager.k -> Cleaned with backup
C:\WINDOWS\system32\win32.exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\WINDOWS\system32\~update.exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\WINDOWS\vr_sys.dll -> TrojanSpy.PdPinch -> Cleaned with backup


::Report End

New HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:43 PM, on 5/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Kathleen.GALLANT-MKYE1XJ\My Documents\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0249969D-32FB-4F9F-A921-FD4DE37583EF}: NameServer = 69.50.176.156 195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{50033782-246E-4CF3-ADC4-EF663F9F1209}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C00CB7D-47D6-466D-BC96-2EE0CCAAA88B}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0249969D-32FB-4F9F-A921-FD4DE37583EF}: NameServer = 69.50.176.156 195.225.176.31
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Getting there...but still sending emails
  • 0
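As an added example (not part of any post in this thread, and not HijackThis's own code), here is a small Python triage of the log lines posted above. It groups the O18 protocol entries by the DLL that handles them and lists the O17 DNS servers that are not in a caller-supplied set of expected resolvers; all function names are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# Four lines excerpted from the HijackThis logs posted above in this thread.
SAMPLE_LOG = r"""
O18 - Protocol: bwk0 - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A86668E-F01F-4440-9C77-FC80AC647F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{50033782-246E-4CF3-ADC4-EF663F9F1209}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0249969D-32FB-4F9F-A921-FD4DE37583EF}: NameServer = 69.50.176.156 195.225.176.31
"""

O17_RE = re.compile(r"^O17 - (.+?)\\\.\.\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")
O18_RE = re.compile(r"^O18 - Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def dns_servers_by_interface(log):
    """Map (control set, interface GUID) -> DNS servers listed on O17 lines."""
    result = {}
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            control_set = m.group(1).split("\\")[2]  # e.g. CCS or CS1
            # The value appears both comma- and space-separated in these logs.
            result[(control_set, m.group(2))] = m.group(3).replace(",", " ").split()
    return result


def unexpected_resolvers(log, expected):
    """Return DNS servers found in the log that are not in the expected set."""
    seen = set()
    for servers in dns_servers_by_interface(log).values():
        for s in servers:
            try:
                seen.add(ipaddress.ip_address(s))
            except ValueError:
                continue  # token is not an IP literal
    allowed = {ipaddress.ip_address(e) for e in expected}
    return [str(ip) for ip in sorted(seen - allowed, key=lambda ip: (ip.version, int(ip)))]


def protocols_by_handler(log):
    """Group O18 protocol names by the DLL registered to handle them."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = O18_RE.match(line.strip())
        if m:
            groups[m.group(3)].append(m.group(1))
    return dict(groups)
```

Pass the resolvers your ISP or router actually assigns as `expected`; anything returned is a DNS server worth looking up before trusting it.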

#24
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Here is a possible solution on the AVG situation.

http://forum.grisoft...ead.php?3,35224
  • 0

#25
dishmunky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Nope, nothing of help there :tazz:
  • 0


#26
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please tell me exactly what is happening with avg and the e-mail situation.

Is this your ISP?

WHOIS
  • 0

#27
dishmunky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
OK:

I boot up the computer in the morning and everything loads up. I dial-up, and then in the corner of the screen I see AVG E-Mail Scanner running. The messages say something like:

Connecting to <some IP address>

then

Sending Message to <some e-mail addy>

Then my mother gets tons of unsent email messages from AVG Email Scanner saying the IP rejected it (probably because it's a virus).

I noticed in the unsent emails, they have attachments called "teen playground"....

My mother also mentioned a couple of days ago she received about 3000 unsent messages so it's running in the background even when I shut off the email scanner.

Edit: ISP is Sympatico

Edited by dishmunky, 28 May 2005 - 08:42 PM.

  • 0

#28
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Is this your ISP?

OrgName: Atrivo
OrgID: ATRIV
Address: 200 Paul Avenue
City: San Francisco
StateProv: CA
PostalCode: 94124
Country: US
  • 0

#29
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please download CleanUp! - Download - HomePage
Install and run. Click on the button labeled CleanUp!.

When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

I also want you to make sure all files are showing and do a search on your computer for teen playground. Tell me if you find anything and where.
  • 0

#30
dishmunky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
No, that's not my ISP...I'm in Canada

I'll get that stuff tomorrow, I've had a busy day today and it's late.

Thanks!
  • 0





