Undetectible visus or spyware?

Computing.Net > Forums > Security and Virus > Undetectible visus or spyware?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Undetectible visus or spyware?

Name: mridkhbu
Date: March 22, 2006 at 16:20:36 Pacific
OS: Windows Xp Home
CPU/Ram: 3800+/ 2 GB
Product: Amd Anthlon 64 x2 dual co

Comment:

Hi, I Think I may have downloaded I virus.I am running mcafee virus scan and microsoft anti-spyware. A few weeks ago I downloaded a program which when I opened the .exe mcafee found to be a virus. I had mcafee delete it and a deleted the .zip file to but ever sence then, every about 10 minutes something pops up on my taskbar (nowhere else just the taskbar). It doesn't say anything and just has a generic .exe logo for the image. It only stays up for a second then dissapears agian. Ive tried clicking on it but nothing happens. If I happen to be playing a game it will minimize the game. Ive tried repeated scan using the mcafee virus scan and microsoft anti spyware both in normal and safe mode, with nothing detected. I am out of ideas can anyone help?

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: March 22, 2006 at 20:43:14 Pacific

Reply:

Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Response Number 2

Name: mridkhbu
Date: March 23, 2006 at 08:38:14 Pacific

Reply:

Incident Status Location
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[11719988]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[11719988]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[S005-01-9-18-233860-104299]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[S117472]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[S005-01-9-20-233860-104655]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt[]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Carl\Cookies\carl@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Carl\Cookies\carl@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Carl\Cookies\carl@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl\Cookies\carl@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Carl\Cookies\carl@bfast[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Carl\Cookies\carl@bravenet[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Carl\Cookies\carl@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Carl\Cookies\carl@casalemedia[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Carl\Cookies\carl@ccbill[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Carl\Cookies\carl@counter3.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Carl\Cookies\carl@counter4.sextracker[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Carl\Cookies\carl@cs.sexcounter[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Carl\Cookies\carl@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Carl\Cookies\carl@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Carl\Cookies\carl@fastclick[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Carl\Cookies\carl@fortunecity[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Carl\Cookies\carl@go[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Carl\Cookies\carl@media.fastclick[1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Carl\Cookies\carl@microsofteup.112.2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Carl\Cookies\carl@microsoftwga.112.2o7[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Carl\Cookies\carl@paycounter[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Carl\Cookies\carl@questionmarket[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Carl\Cookies\carl@servedby.advertising[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Carl\Cookies\carl@sextracker[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Carl\Cookies\carl@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Carl\Cookies\carl@statse.webtrendslive[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Carl\Cookies\carl@targetnet[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Carl\Cookies\carl@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Carl\Cookies\carl@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Carl\Cookies\carl@zedo[2].txt
Logfile of HijackThis v1.97.7
Scan saved at 12:06:23 AM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carl\My Documents\My Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138832143061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138832137045
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: bwh0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: offline-8876480 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Response Number 3

Name: jabuck
Date: March 23, 2006 at 16:28:29 Pacific

Reply:

You are using an older version of HT that will not reveal 019 items and above. Please download the 1.99 version from this link http://www.tomcoyote.org/hjt/ or one of your choice then post a new HT log.
The panda scan only shows cookies.
Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Also delete "cookies". Click Apply then OK.
Reboot into safe mode. To get into safe mode restart the computer and at the beep start tapping F8. You should get an option screen, choose safe mode.
Set up the computer to view hidden files:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
(When finished, remember to return and place a check on "Hide protected operating system files" Click Apply and then OK.)
Then, in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Next navigate to the C:\Documents and Settings\(EVERY Listed USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Download Ewido Security Suite then set it up this way Ewido Setup Instructions then reboot into safe mode and run Ewido. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.

Response Number 4

Name: mridkhbu
Date: March 23, 2006 at 21:36:27 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:16 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carl\My Documents\My Downloads\HijackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138832143061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138832137045
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: bw+0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B59A1DD7-4A26-4FC4-B9CA-679479C0E50B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Response Number 5

Name: mridkhbu
Date: March 23, 2006 at 22:28:07 Pacific

Reply:

ewido anti-malware - Scan report

+ Created on: 10:27:40 PM, 3/23/2006
+ Report-Checksum: 5C69BB7E
+ Scan result:
:mozilla.20:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n5918k50.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Elisha\Application Data\Mozilla\Firefox\Profiles\dd1h9wml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

::Report End

coremetrics spyware Progressbar en java atlas dmt	installshield update manager atlas dmt cookie media.fastclick.net
See More

Response Number 6

Name: jabuck
Date: March 24, 2006 at 03:59:18 Pacific

Reply:

See nothing so far. Let's look for lop.com. Run HT again, click the "open the misc tool button">click both boxes to the right of "generate startup list log" then click "generate startup list log" and post that log.
Next click the "open the misc tool button" again > "open ads spy.." button and note anything listed there and post what you find.
Then click the "open the misc tool button" again> click open host file manager>click open notepad and post that info.
Please download BlackLight by F-Secure from this link http://www.f-secure.com/blacklight/
The log should be on your desktop or root directory (C:\). This is the format for the log file name:
fsbl-<date-and-time>.log
If you have any trouble finding it do a search for fsbl*.log.
Please download
http://www.atribune.org/content/view/19/2/ by Atribune. Boot into safe mode by following the directions here if you need them Boot into Safe Mode directions
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Sponsored Link

Ads by Google

Want to know which Anti V...

HIPS -Do you use it?

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Undetectible visus or spyware?

trojan or spyware?

Summary

www.computing.net/answers/security/trojan-or-spyware/19387.html

Tricky Virus or Spyware

Summary

www.computing.net/answers/security/tricky-virus-or-spyware/23274.html

Need help Adware or Spyware virus

Summary

www.computing.net/answers/security/need-help-adware-or-spyware-virus-/23542.html

From the Geek Dictionary
Storage Device - a Storage Device is anything that can hold information,it can be in the for...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
help please

IPV6 Tunnels/Firewalls and News

fake virus scanner

lost password

how to make it louder?

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE