Surf Sidekick be a vicious beastie

Newbie Poster

11 posts since Mar 2006

Reputation Points: 10

Solved Threads: 0

0

Quite a mess! I would uninstall Logitech Desktop Messenger if not used.

Now download the following tools for me

CCleaner
http://www.filehippo.com/download/51b30b1401c95091feb32bb89cfe8bbe/download.html

Ad-Aware SE Personal
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-2

Spybot Search and Destroy
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1

Ewido
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1

Spysweeper
http://www.malwareteks.com/dload.php?action=download&file_id=5

Pocket Killbox
http://bleepingcomputer.com/files/spyware/KillBox.zip
-Unzip to its own folder

Now since you have Windows XP - I want us to start in Safe Mode with Networking
-Restart your PC
-Repeatedly tap F8 before the "Loading Windows" screen appears
-Choose Safe Mode with Networking
-You will see the screen scroll down - this is normal

Now on to the cleaning...

Open up CCleaner first
-run ONLY the default scan (Windows Tab). Do Not “Scan For Issues unless specifically asked to do so!
-Simply open it and choose Run Cleaner

Open Ad-Aware
-Allow it to update to the latest definitions
-Run it and remove everything it finds

Open Spybot
-Allow it to update
-Run it and fix what it finds

Open Ewido
-Click Update>Start Update
-Run it and remove everything it finds
-Save the report at the end and attach it for me when you return

Now Reboot back into Normal Mode

Open Spysweeper
-Allow it to update then run a Sweep
-Let it remove everything it finds
-Please save this log for me and attach it

Now run Kaspersky Online Scanner
http://www.kaspersky.com/scanforvirus.html

Save the log and attach it for me as well.

If you can not get these logs in one post that is fine, use as many posts as necessary.

I need the followingEwido Scan Report
Spysweepers log
Kaspersky's log
New HijackThis log
If you run into trouble with a particular step, just skip it and move on. Let me know when you return any problems you may have encountered

Good Luck :)

Posting Whiz in Training

246 posts since Feb 2006

Reputation Points: 11

Solved Threads: 14

0

Okie, I did what you asked, but there's a problem, the Kaversky won't run...I let it sit for a good 30 minutes, and it just hangs on me...again and again and again.

So here we go for the copy - pastes

Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:34:09 PM, 3/22/2006
+ Report-Checksum: 6107E622

+ Scan result:

[504] C:\WINDOWS\system32\tuugsht.dll -> Downloader.Qoologic.bj : Cleaned with backup
[1052] C:\WINDOWS\system32\tuugsht.dll -> Downloader.Qoologic.bj : Error during cleaning
[712] C:\WINDOWS\system32\tuugsht.dll -> Downloader.Qoologic.bj : Error during cleaning
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0088936.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089914.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089917.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089918.exe -> Downloader.VB.yu : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089919.exe -> Downloader.Agent.afi : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089921.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089931.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089933.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089934.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089935.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089937.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089938.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089940.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089942.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089982.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089983.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089986.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089987.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089989.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089991.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090009.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090010.ocx -> Downloader.VB.ov : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090014.exe -> Downloader.VB.uc : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090016.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090017.exe -> Downloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090020.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090024.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090028.dll -> Downloader.Agent.agw : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090029.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091031.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091033.exe -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091035.exe -> Downloader.VB.yv : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091036.exe -> Hijacker.VB.lv : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091037.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091038.exe -> Downloader.VB.ri : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091040.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091041.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091042.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091043.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091045.dll -> Adware.RK : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091046.exe -> Adware.RK : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091047.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091048.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091049.exe -> Downloader.Small.ckq : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091050.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091051.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091052.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091054.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091061.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0092054.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0094065.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0094095.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095106.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095107.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095108.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095109.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095110.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0095126.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096139.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096149.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096258.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096264.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096268.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096273.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096318.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096322.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096327.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096330.exe -> Dropper.VB.me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096331.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096332.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096333.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096334.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096335.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096336.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096337.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096338.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096339.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096340.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096341.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096342.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096343.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096344.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096348.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096355.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096356.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096381.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096382.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096383.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096384.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096385.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096386.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096390.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096392.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096400.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096401.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096402.dll -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\skjjn.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\vnrsion.dll -> Adware.Look2Me : Cleaned with backup

::Report End

Spy Sweeper

********
6:47 PM: | Start of Session, Wednesday, March 22, 2006 |
6:47 PM: Spy Sweeper started
6:47 PM: Sweep initiated using definitions version 556
6:47 PM: Starting Memory Sweep
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: Memory Sweep Complete, Elapsed Time: 00:01:10
6:48 PM: Starting Registry Sweep
6:48 PM: Found Adware: cws-aboutblank
6:48 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
6:48 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
6:48 PM: Found Adware: media-motor
6:48 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (23 subtraces) (ID = 140032)
6:48 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
6:48 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
6:48 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
6:48 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
6:48 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
6:48 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
6:48 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
6:48 PM: Found Adware: surfsidekick
6:48 PM: HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
6:48 PM: HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
6:48 PM: Registry Sweep Complete, Elapsed Time:00:00:12
6:48 PM: Starting Cookie Sweep
6:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:48 PM: Starting File Sweep
6:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:55 PM: Warning: Invalid Stream
6:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:57 PM: Warning: Invalid file - not a PKZip file
6:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: Warning: Invalid file - not a PKZip file
7:00 PM: File Sweep Complete, Elapsed Time: 00:11:55
7:00 PM: Full Sweep has completed. Elapsed time 00:13:18
7:00 PM: Traces Found: 49
7:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:09 PM: Removal process initiated
7:09 PM: Quarantining All Traces: cws-aboutblank
7:09 PM: Quarantining All Traces: media-motor
7:09 PM: Quarantining All Traces: surfsidekick
7:09 PM: Removal process completed. Elapsed time 00:00:01
********
6:39 PM: | Start of Session, Wednesday, March 22, 2006 |
6:39 PM: Spy Sweeper started
6:39 PM: Sweep initiated using definitions version 556
6:39 PM: Starting Memory Sweep
6:39 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
6:40 PM: Starting Registry Sweep
6:40 PM: Found Adware: cws-aboutblank
6:40 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
6:40 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
6:40 PM: Found Adware: media-motor
6:40 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (23 subtraces) (ID = 140032)
6:40 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
6:40 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
6:40 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
6:40 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
6:40 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
6:40 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
6:40 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
6:40 PM: Found Adware: surfsidekick
6:40 PM: HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
6:40 PM: HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
6:40 PM: Registry Sweep Complete, Elapsed Time:00:00:11
6:40 PM: Starting Cookie Sweep
6:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:40 PM: Starting File Sweep
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: File Sweep Complete, Elapsed Time: 00:02:47
6:43 PM: Full Sweep has completed. Elapsed time 00:04:37
6:43 PM: Traces Found: 49
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: | End of Session, Wednesday, March 22, 2006 |
********
6:37 PM: | Start of Session, Wednesday, March 22, 2006 |
6:37 PM: Spy Sweeper started
6:38 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
6:39 PM: | End of Session, Wednesday, March 22, 2006 |

Newbie Poster

11 posts since Mar 2006

Reputation Points: 10

Solved Threads: 0

0

And newest HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:13 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\ewljb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\k6pmlg7116.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Newbie Poster

11 posts since Mar 2006

Reputation Points: 10

Solved Threads: 0

0

OH! Two last things
1. Thank you very much for taking the time to help me with this. My computer holds a lot of great memories for my family, and it would be a sad day if I lost it.

2. a pop-up keeps appearing that says:
"An exception occured while trying to run ""C:\WINDOWS\system32\guard.tmp",DllGetVersion"

Does that mean anything important other than "Hey lookie me!"

Newbie Poster

11 posts since Mar 2006

Reputation Points: 10

Solved Threads: 0

0

Unusual! Never seen Spysweeper not completely get Look2Me - must be a new variant, or something blocked the fix..

There is still several things we need to do based on your log...

Do you use Logitech Desktop Messenger? If not uninstall it thru Add/Remove Programs

Please go here ---> About:Buster 6.0 Tutorial
-- Follow the instructions to run About:Buster
- Be sure to run it in Safe Mode
- Run it TWICE as per the instructions
-Save the logs as ab1.txt and ab2.txt

Now Reboot back to Normal Mode...

Please download and EXTRACT QoologicFinder2 to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce 2 logs - Please attach BOTH with your next post!

Please go to this link and follow the instructions to scan with WinPFind by OldTimer .
Please save and attach the WinPFind Log for us.

Please download Look2Me-Destroyer.exe to your desktop.
-Close all windows before continuing.
-Double-click Look2Me-Destroyer.exe to run it.
-Put a check next to Run this program as a task.
-You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
-When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
-Once it's done scanning, click the Remove L2M button.
-You will receive a Done Scanning message, click OK.
-When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.

Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt

When you return I need the following logs
-Both About:Buster logs
-WinPFind log
-Both Qoologic logs
-Look2Me log
-New HijackThis log

After this we will try and clean up whats in the log :)

Posting Whiz in Training

246 posts since Feb 2006

Reputation Points: 11

Solved Threads: 14

0

okie, I uninstalled the logitech messenger. Never used it, it appeared after I got a new keyboard and mouse.

On to round 2!

First, the about buster1:
AboutBuster 6.01
Scan started on [3/22/2006] at [9:56:58 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:57:38 PM

And buster2:
AboutBuster 6.01
Scan started on [3/22/2006] at [9:59:13 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:59:18 PM

Now for Win PF:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 3/20/2006 3:39:08 AM 253952 C:\302.exe
UPX! 3/20/2006 3:39:24 AM 601088 C:\315502.exe

Checking %ProgramFilesDir% folder...
UPX! 3/29/2002 9:20:40 PM 55808 C:\Program Files\Key-generator 5590.exe

Checking %WinDir% folder...
UPX! 3/18/2005 5:54:00 AM 43391 C:\WINDOWS\browser.exe
UPX! 3/10/2004 9:11:46 PM 97800218 C:\WINDOWS\Dragon Pink - 01.asf
PEC2 3/10/2004 9:11:46 PM 97800218 C:\WINDOWS\Dragon Pink - 01.asf

Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/4/2004 1:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown 3/22/2006 6:35:56 PM R S 235562 C:\WINDOWS\SYSTEM32\hr0205doe.dll
ad-w-a-r-e.com 3/22/2006 6:35:56 PM R S 235562 C:\WINDOWS\SYSTEM32\hr0205doe.dll
WinShutDown 3/22/2006 9:46:32 PM R S 236079 C:\WINDOWS\SYSTEM32\ktdycc.dll
ad-w-a-r-e.com 3/22/2006 9:46:32 PM R S 236079 C:\WINDOWS\SYSTEM32\ktdycc.dll
PECompact2 3/9/2006 6:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/9/2006 6:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown 3/22/2006 6:39:58 PM R S 235357 C:\WINDOWS\SYSTEM32\o6660gjse6o60.dll
ad-w-a-r-e.com 3/22/2006 6:39:58 PM R S 235357 C:\WINDOWS\SYSTEM32\o6660gjse6o60.dll
Umonitor 8/4/2004 1:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 1:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 3/22/2006 9:48:50 PM 51712 C:\WINDOWS\SYSTEM32\__delete_on_reboot__tuugsht.dll
209.66.67.134 3/22/2006 9:48:50 PM 51712 C:\WINDOWS\SYSTEM32\__delete_on_reboot__tuugsht.dll
web-nex 3/22/2006 9:48:50 PM 51712 C:\WINDOWS\SYSTEM32\__delete_on_reboot__tuugsht.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com

Checking the Windows folder and 3/22/2006 10:00:30 PM 3/22/2006 9:59:52 PM 3/22/2006 6:35:56 PM 3/22/2006 9:46:32 PM 3/22/2006 10:00:40 PM 3/22/2006 6:39:58 PM 3/22/2006 9:55:50 PM 3/22/2006 10:01:52 PM 3/22/2006 10:18:32 PM 3/22/2006 10:00:36 PM 3/22/2006 10:02:10 PM 3/22/2006 10:18:32 PM 3/22/2006 10:19:18 PM 3/15/2006 3:00:32 AM 3/22/2006 2:32:46 PM 3/22/2006 2:32:44 PM 3/22/2006 2:32:46 PM 3/22/2006 2:32:44 PM 3/19/2006 9:02:22 PM 3/19/2006 9:02:22 PM 3/22/2006 10:00:48 PM H 6 3/22/2006 5:06:28 PM 3/22/2006 5:06:28 PM sub-folders for system and hidden files within the last 60 days...
S 2048 C:\WINDOWS\bootstat.dat
R S 235357 C:\WINDOWS\system32\dnl8013ue.dll
R S 235562 C:\WINDOWS\system32\hr0205doe.dll
R S 236079 C:\WINDOWS\system32\ktdycc.dll
R S 237331 C:\WINDOWS\system32\mgrating.dll
R S 235357 C:\WINDOWS\system32\o6660gjse6o60.dll
R S 237331 C:\WINDOWS\system32\s4pule791h.dll
H 35864 C:\WINDOWS\system32\vsconfig.xml
H 1024 C:\WINDOWS\system32\config\default.LOG
H 1024 C:\WINDOWS\system32\config\SAM.LOG
H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
H 1024 C:\WINDOWS\system32\config\software.LOG
H 1024 C:\WINDOWS\system32\config\system.LOG
H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
S 21601 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
S 408 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
S 120 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2fd2bd0a-b372-4d01-bf57-ead521f848f1
HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
C:\WINDOWS\Tasks\SA.DAT
HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 5/14/2004 8:26:34 PM 14268928 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 1:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 6/21/2005 3:46:18 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
9/28/2005 7:37:44 PM 53248 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Squid Software OÜ 6/11/2005 10:17:54 PM 77312 C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 2/10/2004 6:53:24 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/28/2005 7:23:54 PM 1018 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
9/17/2004 1:20:52 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/21/2006 4:44:02 PM 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fuhgh.exe
9/28/2005 7:16:26 PM 1762 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/27/2005 5:32:56 PM 1785 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/17/2004 8:10:44 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
9/17/2004 1:20:52 PM HS 84 C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/17/2004 8:10:44 AM HS 62 C:\Documents and Settings\Mikey\Application Data\desktop.ini
3/22/2006 2:47:38 PM 30048 C:\Documents and Settings\Mikey\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{6EF8FABF-2A9E-437D-A13A-0860CE2209BD} = C:\WINDOWS\system32\dcwave.dll
{F4548148-DC96-4FA1-B4C7-88A89715580B} = C:\WINDOWS\system32\vnrsion.dll
{5B56CF96-6A79-49AC-8C63-485540C97188} = C:\WINDOWS\system32\rvoc3260.dll
{8D78E43F-6265-4451-A8D3-A2D17C057CC4} = C:\WINDOWS\system32\mgrating.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
= C:\WINDOWS\system32\dmonwv.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAAC59E5-093D-4D24-A105-55BFE4ACDE14}
Yvakt Class = C:\WINDOWS\system32\w9seq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{F5735C15-1FB2-41FE-BA12-242757E69DDE} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
q8lg "C:\WINDOWS\system32\slk8x2peu.exe"
UnlockerAssistant C:\Program Files\Unlocker\UnlockerAssistant.exe
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
meywbw C:\WINDOWS\system32\nnufby.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
jbgyc C:\WINDOWS\system32\nnufby.exe reg_run
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KAZAA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kazaa
hkey HKLM
command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kazaa
hkey HKLM
command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command \Program\
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command \Program\
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NetZero_uoltray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exec
hkey HKCU
command C:\Program Files\NetZero\exec.exe regrun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exec
hkey HKCU
command C:\Program Files\NetZero\exec.exe regrun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item P2P Networking
hkey HKLM
command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item P2P Networking
hkey HKLM
command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\spc_w
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nzspc
hkey HKCU
command "C:\Program Files\NZSearch\nzspc.exe" -w
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nzspc
hkey HKCU
command "C:\Program Files\NZSearch\nzspc.exe" -w
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
dspimd C:\WINDOWS\system32\dspimd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,orsnlfi.exe
Shell = Explorer.exe, C:\WINDOWS\system32\ewljb.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
= C:\WINDOWS\system32\s4pule791h.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/22/2006 10:19:34 PM

Qoologic gave bad links, I couldn't find that one I'm afraid.

Look Destroyer Log:
Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 3/22/2006 10:38:11 PM

Infected! C:\WINDOWS\system32\s4pule791h.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096741.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096744.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0097743.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098750.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098761.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098768.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098772.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098776.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098787.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098792.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098806.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098814.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098818.dll
Infected! C:\WINDOWS\system32\dnl8013ue.dll
Infected! C:\WINDOWS\system32\hr0205doe.dll
Infected! C:\WINDOWS\system32\ktdycc.dll
Infected! C:\WINDOWS\system32\mgrating.dll
Infected! C:\WINDOWS\system32\o6660gjse6o60.dll
Infected! C:\WINDOWS\system32\s4pule791h.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\s4pule791h.dll
C:\WINDOWS\system32\s4pule791h.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096741.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096741.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096744.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096744.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0097743.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0097743.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098750.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098750.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098761.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098761.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098768.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098768.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098772.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098772.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098776.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098776.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098787.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098787.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098792.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098792.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098806.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098806.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098814.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098814.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098818.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098818.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnl8013ue.dll
C:\WINDOWS\system32\dnl8013ue.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr0205doe.dll
C:\WINDOWS\system32\hr0205doe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ktdycc.dll
C:\WINDOWS\system32\ktdycc.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mgrating.dll
C:\WINDOWS\system32\mgrating.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o6660gjse6o60.dll
C:\WINDOWS\system32\o6660gjse6o60.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s4pule791h.dll
C:\WINDOWS\system32\s4pule791h.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6EF8FABF-2A9E-437D-A13A-0860CE2209BD}"
HKCR\Clsid\{6EF8FABF-2A9E-437D-A13A-0860CE2209BD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F4548148-DC96-4FA1-B4C7-88A89715580B}"
HKCR\Clsid\{F4548148-DC96-4FA1-B4C7-88A89715580B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5B56CF96-6A79-49AC-8C63-485540C97188}"
HKCR\Clsid\{5B56CF96-6A79-49AC-8C63-485540C97188}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8D78E43F-6265-4451-A8D3-A2D17C057CC4}"
HKCR\Clsid\{8D78E43F-6265-4451-A8D3-A2D17C057CC4}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Newbie Poster

11 posts since Mar 2006

Reputation Points: 10

Solved Threads: 0

0

And the most recent HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:36 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There we go. Lemme know what else you might need, and thank you again

Newbie Poster

11 posts since Mar 2006

Reputation Points: 10

Solved Threads: 0

0

Alright - I will check the log in the morning..

Work calls!

Posting Whiz in Training

246 posts since Feb 2006

Reputation Points: 11

Solved Threads: 14

0

Alright. It doesn't appear Logitech Desktop Messenger was uninstalled correctly because the 018 entries would be gone.

Go to Start>Control Panel>Add/Remove Programs
-Choose Logitech Desktop Messenger
-Click Change/Remove

Now open HijackThis
-Choose Open Misc Tools
-Choose Process Manager
-Locate C:\WINDOWS\system32\slk8x2peu.exe
-Choose Kill Task

Now scan with HijackThis and place a check next to the following
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://free.aol.com
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
Now with ALL Browsers closed, chooseFix Checked

Now open Pocket Killbox
-Copy and Paste the following into the box one by one
-Choose Delete on Reboot and unregister dll options
-Do Not reboot until all have been entered
C:\WINDOWS\system32\w9seq.dll
C:\WINDOWS\system32\ewljb.exe
C:\WINDOWS\system32\orsnlfi.exe
C:\WINDOWS\system32\slk8x2peu.exe
After the last one is entered chooseYES to reboot. If you receive an error, please reboot manually.

Afterwords please attach a new HijackThis log and a new WinPFind log.

Hang in there ;)

Posting Whiz in Training

246 posts since Feb 2006

Reputation Points: 11

Solved Threads: 14