
Author Topic: HijackThis Log Help  (Read 9373 times)


Armando

    Topic Starter


    Hopeful
    HijackThis Log Help
    « on: March 10, 2006, 05:36:40 PM »
    I was wondering if anyone with some free time could take a look at this log and tell me if there is anything I should remove or fix.

    Thank you

    Quote
    Logfile of HijackThis v1.99.1
    Scan saved at 7:32:07 PM, on 3/10/2006
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\Alt+Q Hotkey.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Program Files\WinRoll\winroll.exe
    C:\Program Files\YzShadow\YzShadow.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\armando sr\Local Settings\Temp\wz38f0\HijackThis.exe

    Armando

      Topic Starter


      Hopeful
      Re: HijackThis Log Help
      « Reply #1 on: March 10, 2006, 05:38:23 PM »
      Quote
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {3AF9102C-EB4E-47B5-8751-60550E872E39} - (no file)
      O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
      O2 - BHO: (no name) - {614BBBCC-5C08-30A8-2BB6-0495C885DCBC} - (no file)
      O2 - BHO: (no name) - {6449E3C9-575F-61AA-2BB6-0495C885DFEB} - (no file)
      O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {FD704130-FFAA-C159-D0E9-A10FA1E64EB7} - (no file)
      O2 - BHO: (no name) - {FD704140-FFDF-B258-D0EF-D00FD3954EC2} - (no file)
      O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
      O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
      O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
      O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
      O4 - HKCU\..\Run: [LDM] \Program\
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
      O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
      O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
      O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
      O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
      O4 - HKCU\..\Run: [ObjectDock] C:\Program Files\ObjectDock\ObjectDock.exe
      O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
      O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
      O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
      O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

      Backdated

      • Guest
      Re: HijackThis Log Help
      « Reply #2 on: March 10, 2006, 05:45:21 PM »
      This isn't a full logfile. Because of forum restrictions, you need to split your posts up into sections of less than 5500 characters and post them sequentially.

      Armando

        Topic Starter


        Hopeful
        Re: HijackThis Log Help
        « Reply #3 on: March 10, 2006, 06:03:26 PM »
        Quote
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
        O18 - Protocol: bw+0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw+0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw-0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw-0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw00 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw00s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw10 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw10s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw20 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw20s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw30 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw30s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw40 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw40s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw50 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw50s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw60 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw60s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw70 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        « Last Edit: March 10, 2006, 06:09:06 PM by Armando »

        Armando

          Topic Starter


          Hopeful
          Re: HijackThis Log Help
          « Reply #4 on: March 10, 2006, 06:11:09 PM »
          Quote
          O18 - Protocol: bw80 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O18 - Protocol: bwg0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwg0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

          Armando

            Topic Starter


            Hopeful
            Re: HijackThis Log Help
            « Reply #5 on: March 10, 2006, 06:11:45 PM »
            Quote
            O18 - Protocol: bwp0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwq0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwq0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwr0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwr0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bws0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bws0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwt0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwt0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwu0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwu0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwv0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwv0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bww0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bww0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwx0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwx0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwy0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwy0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwz0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwz0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
            O18 - Protocol: offline-8876480 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
            O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
            O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
            O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
            O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

            dl65

            • R.I.P.


            • Prodigy

              Thanked: 18
              Re: HijackThis Log Help
              « Reply #6 on: March 10, 2006, 08:18:30 PM »
              Armando........Looking at your logfile and I note that for some reason you have not installed XP SP2...... It has a number of improved features and additional security . It also includes a newer IE than you are using .....

              I also note you are using 2 anti virus apps ......... You would be better off with just one.

              Do you actually use the apps that appear in your running processes ?  Removing some of them would probably improve performance.
              Do you require .......
              C:\Program Files\UberIcon\UberIcon Manager.exe
              C:\Program Files\WinRoll\winroll.exe ( this one could be a keystroke logger )


              If this was my machine , I would mark for removal the following....

              O2 - BHO: (no name) - {3AF9102C-EB4E-47B5-8751-60550E872E39} - (no file)
              O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
              O2 - BHO: (no name) - {614BBBCC-5C08-30A8-2BB6-0495C885DCBC} - (no file)
              O2 - BHO: (no name) - {6449E3C9-575F-61AA-2BB6-0495C885DFEB} - (no file)
              O2 - BHO: (no name) - {FD704130-FFAA-C159-D0E9-A10FA1E64EB7} - (no file)
              O2 - BHO: (no name) - {FD704140-FFDF-B258-D0EF-D00FD3954EC2} - (no file)
              O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
              O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
              O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
              O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
              O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

              I would remove all of the O18 entries with the exception of this one ......
              O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

              Do you use this ......
              O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
              If you don't I would remove it.

              You should also consider doing a thorough cleaning of the unused items in your pc .......
              You might also wish to D/l and install  CCleaner    ..... http://www.ccleaner.com/

              Please try and answer the questions before you attempt to remove anything.

              dl65  ::)
              « Last Edit: March 10, 2006, 08:19:14 PM by dl65 »
              If you don't know the answer, it isn't a dumb question.
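The triage dl65 does by eye in the reply above, as an added example that is not part of the thread: a small Python parser that reads HijackThis entry lines, flags the ones marked `(no file)` or `(file missing)`, and collapses the long run of O18 protocol lines down to the DLLs they point at. The sample lines are copied from the log posted above; the function names are illustrative assumptions.

```python
import re
from collections import Counter, namedtuple

# Sample input: a few lines copied from the log posted in this thread
# (header and process lines included to show that they are skipped).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3AF9102C-EB4E-47B5-8751-60550E872E39} - (no file)
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Protocol: bw+0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

Entry = namedtuple("Entry", "code body clsid target orphaned")

# An entry line starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
# Trailing annotations that are not part of the file path.
MARKER_RE = re.compile(r"\((?:no file|file missing|HKCU)\)")


def parse_entries(text):
    """Return an Entry for every section line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid_m = CLSID_RE.search(body)
        target = None
        if clsid_m:
            # Take the path from the text after the CLSID rather than splitting
            # on " - ", because paths themselves can contain " - ".
            rest = body[clsid_m.end():]
            if rest.startswith(" - "):
                cleaned = MARKER_RE.sub("", rest[3:]).strip().strip('"').strip()
                target = cleaned or None
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid_m.group(0).upper() if clsid_m else None,
            target=target,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def orphaned_entries(entries):
    """Entries whose registered file is missing: candidates for review."""
    return [e for e in entries if e.orphaned]


def section_summary(entries):
    """Map each section code to (total entries, orphaned entries)."""
    total = Counter(e.code for e in entries)
    orphaned = Counter(e.code for e in entries if e.orphaned)
    return {code: (total[code], orphaned[code]) for code in total}


def group_by_target(entries, code):
    """Count the entries of one section per file they point at."""
    return Counter(e.target for e in entries if e.code == code and e.target)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, (total, orphaned) in section_summary(parsed).items():
        print(f"{code}: {total} entries, {orphaned} orphaned")
    print("Review candidates:")
    for e in orphaned_entries(parsed):
        print(f"  {e.code} - {e.body}")
    print("O18 handlers per DLL:")
    for path, count in group_by_target(parsed, "O18").items():
        print(f"  {count:3d}  {path}")
```

A flagged entry is only a candidate for review: in the reply above dl65 keeps the `msnim` O18 line although it is marked `(file missing)`, and marks other entries for removal whose files are present.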

              Armando

                Topic Starter


                Hopeful
                Re: HijackThis Log Help
                « Reply #7 on: March 10, 2006, 08:26:50 PM »
                Quote
                Armando........Looking at your logfile and I note that for some reason you have not installed XP SP2...... It has a number of improved features and additional security . It also includes a newer IE than you are using .....
                I've tried installing it numerous times but it always gives me an error saying my verification key or validation code isn't genuine or something. It sends me to the Microsoft website and it tells me my Windows XP isn't genuine.. I've posted a thread about the problem before but all I heard was that I need to re-install Windows XP with a new disc, which I don't have.
                 
                Quote
                I also note you are using 2 anti virus apps ......... You would be better off with just one.
                I use AVG antivirus, ewido security suite, and kerio personal firewall. Which do you recommend I remove?  
                 
                Quote
                Do you actually use the apps that appear in your running processes ?  Removing some of them would probably improve performance.
                Do you require .......
                C:\Program Files\UberIcon\UberIcon Manager.exe  
                C:\Program Files\WinRoll\winroll.exe ( this one could be a keystroke logger )
                Never used them, no idea what they are for.
                 
                Quote
                Do you use this ......
                O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)  
                If you don't I would remove it.
                I used to but I don't anymore, so I should remove it.
                 
                Quote
                You should also consider doing a thorough cleaning of the unused items in your pc .......  
                You might also wish to D/l and install  CCleaner    ..... http://www.ccleaner.com/
                I use it every day. I've been using it for over 4 months now..
                 

                dl65

                • R.I.P.


                • Prodigy

                  Thanked: 18
                  Re: HijackThis Log Help
                  « Reply #8 on: March 10, 2006, 08:49:04 PM »
                  Armando....
                  Quote
                  I've tried installing it numerous times but it always gives me an error saying my verification key or validation code isn't genuine or something. It sends me to the Microsoft website and it tells me my Windows XP isn't genuine.. I've posted a thread about the problem before but all I heard was that I need to re-install Windows XP with a new disc, which I don't have.  
                  If you have an authentic original win XP disk and it has only been installed on that pc ...... you should be getting on the phone to M/S and get it sorted out .

                  Quote
                  I use AVG antivirus, ewido security suite, and kerio personal firewall. Which do you recommend I remove?
                   

                  I wouldn't suggest you remove any of those ..... however according to your running processes , you have eTrust EZ Antivirus installed and running ..... If you don't use it uninstall it .

                  Quote
                  Do you actually use the apps that appear in your running processes ? Removing some of them would probably improve performance.
                  Do you require .......
                  C:\Program Files\UberIcon\UberIcon Manager.exe
                  C:\Program Files\WinRoll\winroll.exe ( this one could be a keystroke logger )
                  Never used them, no idea what they are for.
                    Then I would remove them
                  Quote
                  Do you use this ......
                  O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
                  If you don't I would remove it.
                  I used to but I don't anymore, so I should remove it.
                   ....  Yes remove them

                  ok ...let's start with those and then we will look at it again......

                  I think there are more that perhaps should be removed .
                  How about these .....
                  C:\Program Files\YzShadow\YzShadow.exe
                  C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
                  If you don't know what they are ........remove them as well.

                  ok .....deal with those and then post a new hijackthis logfile.

                  dl65  ::)






                  If you don't know the answer, it isn't a dumb question.
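The review in the reply above (which running processes does the user recognize, and which O23 service entries are leftovers) can be scripted. This is an added example, not part of the original posts or of HijackThis; `SAMPLE_LOG`, `parse_log`, `triage` and the `recognized` list are names assumed for illustration, and the "Example Updater" service line is constructed.

```python
import re
from ntpath import normcase  # Windows path semantics on any OS

# Process paths and the StyleXPService line come from this thread; the
# "Example Updater" service line is constructed to show a path containing " - ".
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

O23 - Service: Example Updater (ExampleUpd) - Example Vendor - C:\Program Files\Example - Tools\updater.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# The path is anchored on a drive letter because names and paths may contain " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing>\s*\(file missing\))?\s*$")

def parse_log(text):
    """Return (running process paths, parsed O23 service entries)."""
    processes, services, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := O23_RE.match(line)):
            services.append({"name": m["name"], "owner": m["owner"],
                             "path": m["path"], "file_missing": bool(m["missing"])})
    return processes, services

def triage(text, recognized):
    """Report processes the user does not recognize and leftover services."""
    processes, services = parse_log(text)
    known = [normcase(k) for k in recognized]
    # C:\WINDOWS is skipped only to shorten the list; location is not proof of trust.
    unknown = [p for p in processes
               if not normcase(p).startswith("c:\\windows\\")
               and not any(k in normcase(p) for k in known)]
    return {"unrecognized_processes": unknown,
            "orphaned_services": [s["name"] for s in services if s["file_missing"]],
            "unknown_owner_services": [s["name"] for s in services
                                       if s["owner"] == "Unknown owner"]}
```

Calling `triage(SAMPLE_LOG, recognized=["Grisoft", "RoboForm"])` lists the UberIcon and WinRoll processes as unrecognized and StyleXPService as an orphaned service entry.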

                  Armando

                    Topic Starter


                    Hopeful
                    Re: HijackThis Log Help
                    « Reply #9 on: March 10, 2006, 08:55:37 PM »
                    Actually some more questions (sorry)

                    The EZ Anti-virus my dad purchased so I can't really remove it otherwise he'll get angry. (yes, I know, it's not good at all, but he bought it.. *sigh*) So then which one should I remove?

                    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe  
                    That's for a program that remembers all of my passwords and I click it and it fills out my username and password for all websites I visit. I do use it. (Misc. question= Is it good? Should I get rid of it?)

                    About the disk.. Installed it a LONG time ago.. Long lost disk. What should I do?

                    Edit: Thank you so much for the help..
                    « Last Edit: March 10, 2006, 08:56:44 PM by Armando »

                    dl65

                    • R.I.P.


                    • Prodigy

                      Thanked: 18
                      Re: HijackThis Log Help
                      « Reply #10 on: March 10, 2006, 09:20:41 PM »
                      Armando.......
                      Quote
                      The EZ Anti-virus my dad purchased so I can't really remove it otherwise he'll get angry. (yes, I know, it's not good at all, but he bought it.. *sigh*) So then which one should I remove?
                        C.A. Computer Associates is a well known company and while I have no first hand knowledge of its  EZ Anti-virus , I would think that if it is current and updated ,it should be as good as AVG free ....... ( I would suggest using EZ anti-virus and simply disable AVG ....( don't remove it at this time )

                      Quote
                      C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe  
                      That's for a program that remembers all of my passwords and I click it and it fills out my username and password for all websites I visit. I do use it. (Misc. question= Is it good? Should I get rid of it?)
                       OK , if it's something you use leave it ........ it doesn't appear to be a threat .  Usually sites have a box to tick if you want to remember the password ........ I don't have a lot of faith in programs that offer to save that info ....... But that's a personal thing .........

                      Quote
                      About the disk.. Installed it a LONG time ago.. Long lost disk. What should I do?
                       It disturbs me when I hear the comment ...oh I lost the cd ....... How would you do a format and reinstall if required ?

                      What about this one ...... C:\Program Files\YzShadow\YzShadow.exe  


                      dl65  ::)
                      If you don't know the answer, it isn't a dumb question.

                      Armando

                        Topic Starter


                        Hopeful
                        Re: HijackThis Log Help
                        « Reply #11 on: March 10, 2006, 09:34:15 PM »
                        Quote
                        It disturbs me when I hear the comment ...oh I lost the cd ....... How would you do a format and reinstall if required ?

                        Pardon me if I'm not the average American who thinks of these things when he gets a computer. I guess I'm just absent-minded  :'(

                        Quote
                        What about this one ...... C:\Program Files\YzShadow\YzShadow.exe  
                        Don't use it..

                        dl65

                        • R.I.P.


                        • Prodigy

                          Thanked: 18
                          Re: HijackThis Log Help
                          « Reply #12 on: March 10, 2006, 09:38:34 PM »
                           Armando......
                          Quote
                          What about this one ...... C:\Program Files\YzShadow\YzShadow.exe
                          Don't use it..
                            Then I would remove it ....

                          While you were off line , I went back and checked some of your earlier posts ........ re the XP SP2 issue ....... If I read correctly , your pc came with ME and the cd you were using was used to install XP on your Mom's and Dad's laptops .......  that would explain your issue .

                          dl65  ::)
                          « Last Edit: March 10, 2006, 09:42:07 PM by dl65 »
                          If you don't know the answer, it isn't a dumb question.

                          dl65

                          • R.I.P.


                          • Prodigy

                            Thanked: 18
                            Re: HijackThis Log Help
                            « Reply #13 on: March 10, 2006, 09:40:54 PM »
                             Armando...  ok , let's mark for removal the items listed above in your hijacklog and then click fix checked and reboot and post a new logfile.

                            dl65  ::)
                            If you don't know the answer, it isn't a dumb question.

                            Armando

                              Topic Starter


                              Hopeful
                              Re: HijackThis Log Help
                              « Reply #14 on: March 10, 2006, 09:44:07 PM »
                              Yes the CD was used to install XP on my stepmom's computer..

                              I did what you told me to and rebooted (I couldn't find how to check the Program Files so they could be fixed so those weren't changed)

                              « Last Edit: March 10, 2006, 10:04:34 PM by Armando »