Home search problem!! ~sndavis
I have been attacked by the home search thing....it is my homepage and I can't change it...I've used Ad-Aware and Spybot and I can't get rid of it. I tried the first link on the removal section of this site but that didn't work...HELP!
Here's my Hijack This log:
Logfile of HijackThis v1.99.0
Scan saved at 5:25:52 PM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\appdx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\QUICKH~1\oeprot.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\atlbk.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {CD2B4E39-CD9B-C98A-ED81-38BBFD853B81} - C:\WINDOWS\system32\winmg32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\oeprot.exe /start
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [atlbk.exe] C:\WINDOWS\atlbk.exe
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\RunOnce: [appdx.exe] C:\WINDOWS\appdx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Deqk] C:\WINDOWS\System32\m?iexec.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Quick Heal Live Update Service - Unknown - C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\addeb.exe (file missing)
Please..please..please help! Thanks! ~sndavis
O18 - Protocol: bwr0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2945C4BE-A9B8-48ED-90ED-5BB31AF0825C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Quick Heal Live Update Service - Unknown - C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\addeb.exe (file missing)
please..please..please help! Thanks! ~sndavis
This discussion has been closed.
Comments
Logfile of HijackThis v1.99.0
Scan saved at 7:15:52 PM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\appdx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\QUICKH~1\oeprot.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\atlbk.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {CD2B4E39-CD9B-C98A-ED81-38BBFD853B81} - C:\WINDOWS\system32\winmg32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\oeprot.exe /start
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [atlbk.exe] C:\WINDOWS\atlbk.exe
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\RunOnce: [appdx.exe] C:\WINDOWS\appdx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Deqk] C:\WINDOWS\System32\m?iexec.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Quick Heal Live Update Service - Unknown - C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\addeb.exe (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uiivp.dll/sp.html#28129
O2 - BHO: (no name) - {CD2B4E39-CD9B-C98A-ED81-38BBFD853B81} - C:\WINDOWS\system32\winmg32.dll
O4 - HKLM\..\Run: [atlbk.exe] C:\WINDOWS\atlbk.exe
O4 - HKLM\..\RunOnce: [appdx.exe] C:\WINDOWS\appdx.exe
O4 - HKCU\..\Run: [Deqk] C:\WINDOWS\System32\m?iexec.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\addeb.exe (file missing)
Fix those entries then find and delete the files listed above, reboot and post a new log.
Scan saved at 1:37:41 AM, on 12/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\QUICKH~1\oeprot.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\oeprot.exe /start
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Quick Heal Live Update Service - Unknown - C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
Fix those entries then find and delete these folders:
C:\Program Files\Viewpoint\
C:\Program Files\Windows ControlAd\
Then reboot and post a new log.
Scan saved at 11:59:15 AM, on 12/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\QUICKH~1\oeprot.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\oeprot.exe /start
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Quick Heal Live Update Service - Unknown - C:\PROGRA~1\QUICKH~1\QHINSTLR.EXE
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
***I wasn't able to delete the Viewpoint folder... something about "Cannot delete AxMetaStream.dll:Access denied". What can I do about that?
Fix that entry and you should be all set. Are you still having any problems?
You will need to boot into Safe Mode (press F8 at the BIOS screen when booting) to delete the Viewpoint folder.