Need Help fast. Thx

[Weldon]

Hi, Please help me analyze this hijack log.
seems like i got funwebproduct on my system and I can't get rid of it.
Thank you all in advance.
weldon


Logfile of HijackThis v1.99.1
Scan saved at 12:50:00 AM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\smncs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Documents and Settings\Frank\Desktop\hijackthis\HijackThis.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\gebcd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NI.UWFX6_0001_N57M0912] "C:\Documents and Settings\Juliette\Local Settings\Temporary Internet Files\Content.IE5\CBITKH89\WinFixer2006FreeInstall[1].exe" -nag /BEFOREINSTALL
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [Diyino] C:\Program Files\Zsxzr\Cducw.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitennv32.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05881c8625ecfefcce18/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106072254859
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7A1C0E7-939D-4D37-9729-C31E33BA0105}: NameServer = 206.13.28.12,206.13.31.12
O18 - Protocol: bw+0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EBCDDB62-EDDB-4D8D-A77C-064983C76F22} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddccc - C:\WINDOWS\SYSTEM32\ddccc.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

 

[MicroBell]

Hi and Welcome to TF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

• Ad-Aware® SE Personal Edition
  *Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
  
• Spybot Search & Destroy
• CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

 

[Weldon]

Thank you for your help.
I did a clean installation after unsucessful attempt in cleaning it.

Thanks.
Weldon

 

[MicroBell]

ok