
hijack log file

Discussion in 'Malware and Virus Removal Archive' started by jbb, 2006/07/14.

  1. 2006/07/14
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    I have tried to post my hijack log file here but I keep getting an error that the log has too many characters. How do I fix this so I can post the file here and get some help to remove the nasty malware pop-ups?

    I have run Norton 2006, adaware, spybot but nothing seems to permanently delete all of this

    thanks for your help
    JBB
     
    jbb,
    #1
  2. 2006/07/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    jbb - Welcome to the Board :)

    Split the log across 2 posts - and before you post please see my standard note below re downloading HJT ....

    And please do tell us exactly what problems you have - in as much detail as possible.
     


  4. 2006/07/14
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    Hijack log file - part 1

    Thanks PeteC. I have had "System Alert: Popups
    Your computer is infected with spyware managing pop-up advertisements (OHPE ver 4.12_23).Click the icon to learn more about what you can do about pop-up windows and other unwanted software." and "Critical System Error!
    System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software." -When I run the adaware and spybot they keep picking up vcodec among others.

    Here is first half of hijack log and will post second half as part 2
    Thanks jbb

    Logfile of HijackThis v1.99.1
    Scan saved at 7:19:45 AM, on 7/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\issearch.exe
    C:\WINDOWS\system32\isnotify.exe
    C:\WINDOWS\system32\ismon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\AOL\1150572612\ee\AOLSoftware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Plaxo\2.10.0.32\PlaxoHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    c:\program files\common files\aol\1150572612\ee\aim6.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Hijackthis\HijackThis.exe
     
    jbb,
    #3
  5. 2006/07/14
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    hijack log file part 2 -

    and part 2


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150572612\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.10.0.32\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O18 - Protocol: bw+0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    jbb,
    #4
  6. 2006/07/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Yes - unfortunately your computer is infected, but hopefully we can clean it up without too much trouble :) ....

    I shall post a series of instructions - please follow them to the letter and post the logs as and when requested - you may find it convenient to print them out. Here we go ....

    Please download SmitfraudFix and unzip the contents to a folder on your Desktop.

    Please download and install the 30 day trial version of Ewido Anti-Spyware

    Run the program either from the Desktop icon if you chose to install one or from Start > Programs. On the main screen select the Update icon followed by the "Update now" link and click on the Start Update button. The update will start and a progress bar will show the updates being installed.

    When the update has completed select the Scanner icon at the top of the window and click on the Settings tab.

    On the Settings screen click on Recommended actions and then on Quarantine.

    Under Reports select Automatically generate report after every scan and deselect Only if threats were found.

    Close Ewido Anti-spyware. Do not run a scan just yet.


    Open the SmitfraudFix folder and double click on Smitfraudfix.cmd

    If a Security Warning pops up hit the Run button

    A command window appears > press any key to continue

    On the line with the flashing cursor 'Enter your choice (1.2 ....)' type 1 and press Enter

    The program scans your system and when the scan has completed a Notepad window opens containing the scan report - a copy of this file is saved as C:\rapport.txt.

    Boot into Safe Mode and log onto your usual account.
    Do not open any other windows or programs while Ewido is scanning as this may interfere with the scanning process.

    Start Ewido Anti-spyware by double-clicking the icon on your desktop or from Start > Programs and select the Scanner icon at the top of the window followed by the Scan tab and click on Complete System Scan. The scanning process will start and may take some time.

    When the scan is complete, if any infections were detected you will be prompted for an action - select Apply all actions.

    Then select the Reports icon at the top of the window and click on the Save report as button in the lower left hand corner of the screen and save it as a text file (be sure to remember where you saved that file, this is important).

    Close Ewido and reboot your system back into Normal Mode and post the Ewido scan report here together with the SmitfraudFix log saved as C:\rapport.txt.
     
  7. 2006/07/15
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Received by email from jbb....
     
  8. 2006/07/15
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    Finally figured out how to get ewido to run in safe mode. Here is ewido report part 1
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:23:41 PM 7/15/2006

    + Scan result:

    C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : No action taken.
    C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.yt : No action taken.
    C:\WINDOWS\system32\isnotify.exe -> Downloader.Zlob.yt : No action taken.
    C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
    :mozilla.100:C:\RECYCLER\NPROTECT\00334201.MOZ -> TrackingCookie.2o7 : No action taken.
    <SNIP>
    :mozilla.58:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.58:C:\RECYCLER\NPROTECT\00334593.MOZ -> TrackingCookie.2o7 : No action taken.
    <SNIP>
    :mozilla.59:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.59:C:\RECYCLER\NPROTECT\00334673.MOZ -> TrackingCookie.2o7 : No action taken.
    :mozilla.59:C:\RECYCLER\NPROTECT\00334683.MOZ -> TrackingCookie.2o7 : No action taken.
    :mozilla.59:C:\RECYCLER\NPROTECT\00334687.MOZ -> TrackingCookie.2o7 : No action taken.
    :mozilla.60:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.60:C:\RECYCLER\NPROTECT\00334687.MOZ -> TrackingCookie.2o7 : No action taken.
    :mozilla.61:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.61:C:\RECYCLER\NPROTECT\00334687.MOZ -> TrackingCookie.2o7 : No action taken.
    <SNIP>
    :mozilla.89:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.89:C:\RECYCLER\NPROTECT\00334687.MOZ -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Jessica\Cookies\jessica@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
    :mozilla.13:C:\RECYCLER\NPROTECT\00333725.MOZ -> TrackingCookie.Doubleclick : No action taken.
    <SNIP>
    <SNIP>
    C:\Documents and Settings\Jessica\Cookies\jessica@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\WINDOWS\Temp\win5B.tmp -> Trojan.Pakes : No action taken.
    C:\WINDOWS\Temp\winD94.tmp.exe -> Trojan.Pakes : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.


    ::Report end

    SmitFraudFix v2.70

    Scan done at 19:13:29.17, Fri 07/14/2006
    Run from C:\Documents and Settings\Jessica\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ishost.exe FOUND !
    C:\WINDOWS\system32\ismon.exe FOUND !
    C:\WINDOWS\system32\isnotify.exe FOUND !
    C:\WINDOWS\system32\issearch.exe FOUND !
    C:\WINDOWS\system32\ixt?.dll FOUND !
    C:\WINDOWS\system32\ixt??.dll FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessica\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jessica\FAVORI~1

    C:\DOCUME~1\Jessica\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cinnamomum "= "{93ac7c30-3878-4eaa-9420-7977285df5b1} "


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    jbb,
    #7
  9. 2006/07/15
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Please keep all in one thread!

    I've removed all the useless fluff reporting 'tracking' cookies in the Norton Protected recycle bin.
     
  10. 2006/07/15
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    HIjack LOG FILE - EWIDO AND RAPPORT


    ok - now what should be my next step, if any. I still see that there is malware and norton and ewido have quarantined them.
    Thanks
     
    jbb,
    #9
  11. 2006/07/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    jbb

    I've not abandoned you :) Was out all yesterday afternoon/evening and not back until midnight - and out today until the evening. We are not finished yet :)

    I will study the Ewido log you emailed in full tonight, but those items are harmless now they are in quarantine. BTW did you save the report before you clicked on Apply All Actions since the report shows that no action was taken?

    SmitfraudFix has identified some nasties, so .....

    You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.

    Boot into Safe Mode and log onto your usual account.
    In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process - a copy of this file is saved as C:\rapport.txt.

    Stay or reboot into Safe Mode.

    Open the folder in which you placed HJT and double click on hijackthis.exe and select Scan and save a log file - this will be saved in the folder from which you ran HJT.

    Reboot into Normal mode and post the log here together with the contents of the SmitfraudFix log located at C:\rapport.txt.

    BTW - how did you manage to get out of the Safe Mode loop?
     
  12. 2006/07/16
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    Hijack log-ewido-rapport

    Thanks Pete -
    I got out of the loop by doing a system restore. Then when I was in the black screen of the safe mode that had safe mode in each corner with nothing in the middle I did a control alt del and brought up task manager and then was able to find the ewido exe file and let it run that way. I did not see any "apply actions" tab but I will try again and report in along with your most current instructions.
    jbb
     
    jbb,
    #11
  13. 2006/07/16
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    Hijack log-ewido-rapport

    Pete
    First let me apologize for the multiple threads from the other day - a bit bbs challenged but obviously I figured that out.

    I went back to safe mode, re-ran ewido and applied actions. Here is the resulting report.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:58:01 AM 7/16/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
    :mozilla.10:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.11:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.17:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.19:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.20:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.21:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.50:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.52:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.53:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.54:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.54:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.7:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.9:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.18:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.51:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.8:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.81:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.82:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.82:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.92:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jessica\Cookies\jessica@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    :mozilla.170:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.171:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.171:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.171:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.172:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.172:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.172:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.173:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.173:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.173:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.174:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.174:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.181:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.182:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.183:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.184:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.152:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.153:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.153:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.153:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.154:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.154:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.154:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.155:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.155:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.155:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.156:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.156:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.156:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.157:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.157:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.157:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.158:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.158:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.158:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.159:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.159:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.159:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.160:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.160:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.163:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.164:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.165:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.166:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.167:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.168:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.169:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.170:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jessica\Cookies\jessica@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.119:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.120:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.120:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.120:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.121:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.121:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.121:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.122:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.122:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.123:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.123:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.130:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.131:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.132:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.133:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.124:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.125:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.125:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.125:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.126:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.126:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.135:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.136:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.127:C:\RECYCLER\NPROTECT\00355042.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\wj55msq6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.128:C:\RECYCLER\NPROTECT\00355164.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.138:C:\RECYCLER\NPROTECT\00355033.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jessica\Cookies\jessica@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\winuuv32.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\win64E.tmp -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\winD94.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\winEE0.tmp -> Trojan.Pakes : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end


    I ran smitfraudfix as you suggested and here is the resulting rapport

    SmitFraudFix v2.70

    Scan done at 9:06:47.14, Sun 07/16/2006
    Run from C:\Documents and Settings\Jessica\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cinnamomum "= "{93ac7c30-3878-4eaa-9420-7977285df5b1} "


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\ismon.exe Deleted
    C:\WINDOWS\system32\issearch.exe Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
    C:\DOCUME~1\Jessica\FAVORI~1\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Look forward to hearing back from you to see if this looks like we have killed all the nasties. Upon reboot, no warnings have come up so I feel like all might be good!

    Thanks so much for your help. Waiting for confirmation.
    Best
    jbb
     
    jbb,
    #12
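One way to cross-check the two SmitfraudFix reports in this thread, added here as an example (it is not part of any post and is not SmitfraudFix code): it lists entries the search run marked FOUND that have no matching Deleted line in the clean run, and SharedTaskScheduler values listed before the fix but not after. The report excerpts are copied from the posts above; treating `?` in `ixt?.dll` as a one-character wildcard is an assumption, and a missing Deleted line only means the report does not account for the item, not that the file is still on disk.

```python
import fnmatch
import re

# Excerpts copied from the two SmitfraudFix reports posted in this thread
# (search run of 07/14, safe-mode clean run of 07/16), trimmed to the
# sections that list items.
SEARCH_RAPPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jessica\FAVORI~1

C:\DOCUME~1\Jessica\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !
"""

CLEAN_RAPPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum "= "{93ac7c30-3878-4eaa-9420-7977285df5b1} "

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\Jessica\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
"""

HEADER = re.compile(r"^\s*\u00bb+\s*(.+?)\s*$")          # section banner
ITEM = re.compile(r"^(.+?)\s+(FOUND\s*!|Deleted)$")      # path + status
# Tolerates the stray spaces inside the quotes seen in the posted text.
REGVAL = re.compile(r'^"\s*([^"]+?)\s*"\s*=\s*"\s*([^"]+?)\s*"$')


def sections(report):
    """Split a report into {section title: [stripped non-empty lines]}."""
    out, current = {}, None
    for line in report.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        elif current is not None and line.strip():
            out[current].append(line.strip())
    return out


def items(report, status):
    """Paths whose line ends with the status word ('FOUND' or 'Deleted')."""
    found = []
    for lines in sections(report).values():
        for line in lines:
            m = ITEM.match(line)
            if m and m.group(2).startswith(status):
                found.append(m.group(1))
    return found


def unaccounted(search_report, clean_report):
    """FOUND entries with no matching Deleted line (case-insensitive)."""
    deleted = [p.casefold() for p in items(clean_report, "Deleted")]
    return [p for p in items(search_report, "FOUND")
            if not any(fnmatch.fnmatchcase(d, p.casefold()) for d in deleted)]


def registry_values(report, section):
    """Name/value pairs listed under one section of the report."""
    pairs = (REGVAL.match(line) for line in sections(report).get(section, []))
    return {m.group(1): m.group(2) for m in pairs if m}


def removed_values(report):
    """Values listed before the fix that are no longer listed after it."""
    before = registry_values(report, "Before SmitFraudFix")
    after = registry_values(report, "After SmitFraudFix")
    return {k: v for k, v in before.items() if k not in after}


if __name__ == "__main__":
    for path in unaccounted(SEARCH_RAPPORT, CLEAN_RAPPORT):
        print("no Deleted line for:", path)
    for name, clsid in removed_values(CLEAN_RAPPORT).items():
        print("no longer listed after fix:", name, clsid)
```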
  14. 2006/07/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    SmitfraudFix Stage 2 has cleaned up the infections it detected, but I need to see the HJT log from a scan after you ran the fix to clean up completely. See my last instructions ....
     
  15. 2006/07/16
    jbb

    jbb Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    8
    Likes Received:
    0
    Sorry - forgot to give this to you. Here is hijack log file after all scans etc.
    Logfile of HijackThis v1.99.1
    Scan saved at 9:10:07 AM, on 7/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150572612\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.10.0.32\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O18 - Protocol: bw+0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    jbb,
    #14
  16. 2006/07/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Your HJT log is clean - you're 'good to go' :)

    One final step ....

    Turn off System Restore, reboot and turn it back on again. Some of your restore points will be inevitably infected - turning off System Restore will delete all the restore points.

    If you are not using Logitech Desktop Manager ....
    - basically very unnecessary and you can scan again with HJT and place a checkmark against all the O18 entries and hit Fix Selected ....

    I would also clean out your Norton Protected Recycle bin.
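
The advice above to tick every O18 entry is easier to verify once the entries are grouped by the handler DLL they load. The following is an added example, not part of the original thread: a Python parser for the O18/O20/O23 line formats seen in the log, run on a few lines copied from it; the function names (`parse_line`, `group_handlers`, `short_path_entries`) are chosen here for illustration.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the log in this thread (HijackThis v1.99.1 format).
SAMPLE_LOG = r"""
O18 - Protocol: bwb0 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8ABEB86B-1FB7-4847-84F1-8624A2C04843} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

LINE_RE = re.compile(r"^\s*(O\d+)\s+-\s+([^:]+):\s*(.*)$")
SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 short path component, e.g. PROGRA~1

def parse_line(line):
    """Return a dict for one HijackThis entry, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, kind, rest = m.groups()
    entry = {"section": section, "kind": kind.strip()}
    if section in ("O18", "O23"):
        # O18: name - {CLSID} - handler DLL; O23: display name - vendor - binary
        parts = rest.split(" - ", 2) if section == "O18" else rest.rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        middle = "clsid" if section == "O18" else "vendor"
        entry.update({"name": parts[0], middle: parts[1], "path": parts[2]})
    else:  # e.g. O20 AppInit_DLLs carries only a path
        entry["path"] = rest
    entry["short_path"] = bool(SHORT_NAME_RE.search(entry["path"]))
    return entry

def group_handlers(log_text):
    """Map (clsid, dll path) -> sorted protocol names for every O18 entry."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e["section"] == "O18":
            groups[(e["clsid"], e["path"])].append(e["name"])
    return {k: sorted(v) for k, v in groups.items()}

def short_path_entries(log_text):
    """Entries whose path uses 8.3 short names and should be expanded before review."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["short_path"]]
```

On the sample, `group_handlers(SAMPLE_LOG)` collapses the four O18 lines to two handler DLLs, both under the Logitech Desktop Messenger folder, and `short_path_entries(SAMPLE_LOG)` returns the O20 and LiveUpdate entries whose 8.3 paths hide the real file names.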
     
