Skip to main content

Can't get rid of popups

Customer

My PC is infected with adserver popups. I have run AdAware scanner but still get the popups.

 

Please help.

 

Here is my HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 7:36:33 AM, on 2/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

f:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RioMSC.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

F:\Program Files\Common Files\Business Objects\3.0\bin\crystalras.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\cacheserver.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procDest.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\EventServer.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\inputfileserver.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\JobServer.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\outputfileserver.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\taskswitch.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe

C:\WINDOWS\system32\fast.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procLov.exe

F:\Program Files\Picasa2\PicasaMediaDetector.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProgramServer.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

F:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procWebi.exe

F:\Program Files\Winamp\winampa.exe

F:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\WIReportServer.exe

C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\progra~1\yahoo!\YCentral\YahooCentral.exe

F:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

F:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe

f:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\iTunes\iTunesHelper.exe

G:\Program Files\UltraMon\UltraMon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

G:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

F:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\Fast.exe

F:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

F:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

f:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WinBar\WinBar.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\Program Files\a-squared Free\a2free.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O3 - Toolbar: Nutshell - {7BA7B95F-9B92-4132-8012-E19B585CAF21} - g:\Program Files\nutshell\nutshell.dll (file missing)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [Picasa Media Detector] f:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [ssAAD.exe] F:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MaxtorOneTouch] F:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LyraWirelessRemote] "f:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ultraMon] "G:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Ref Byte Find Book] C:\Documents and Settings\All Users\Application Data\dashtitlerefbyte\kind 32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe -s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [FreeRAM XP] "f:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [LDM] f:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "f:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [third soap] C:\DOCUME~1\Bobby\APPLIC~1\SETTIN~1\tons date 4.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Konfabulator.lnk = F:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: WinBar.lnk = C:\Program Files\WinBar\WinBar.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://icedreamonline.dyndns.org/img/NetCamPlayerWeb.ocx

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab

O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://icedreamonline.dyndns.org:1025/img/...layerWeb11g.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: bw+0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: offline-8876480 - {6D79F121-5E46-48C6-86A9-FCA9D5D85676} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Central Management Server (BOBJCentralMS) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\cms.exe" -service -name Benedict.cms -restart -noauditor (file missing)

O23 - Service: Report Application Server (BOBJCrystalReportApplicationServer) - Unknown owner - F:\Program Files\Common Files\Business Objects\3.0\bin\crystalras.exe" -service -name Benedict.RAS -ns Benedict -ipport -restart (file missing)

O23 - Service: Crystal Reports Cache Server (BOBJCrystalReportsCacheServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\cacheserver.exe" -service -name Benedict.cacheserver -cache -nops -deleteCache -ns Benedict -restart (file missing)

O23 - Service: Crystal Reports Page Server (BOBJCrystalReportspageserver) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe" -service -name Benedict.pageserver -ns Benedict -restart (file missing)

O23 - Service: Destination Job Server (BOBJDestinationServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procDest.exe" -service -name Benedict.destinationjobserver -ns Benedict -objectType CrystalEnterprise.Destination -lib procDest -restart -jsTypeDescription "Destination Job Server (file missing)

O23 - Service: Event Server (BOBJEventServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\EventServer.exe" -service -name Benedict.eventserver -ns Benedict -restart (file missing)

O23 - Service: Input File Repository Server (BOBJInputFileServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\inputfileserver.exe" -service -name Input.Benedict -ns Benedict -restart (file missing)

O23 - Service: Crystal Reports Job Server (BOBJJobServer_Report) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\JobServer.exe" -service -name Benedict.reportjobserver -ns Benedict -objectType CrystalEnterprise.Report -lib procReport -restart -jsTypeDescription "Crystal Reports Job Server (file missing)

O23 - Service: Output File Repository Server (BOBJOutputFileServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\outputfileserver.exe" -service -name Output.Benedict -ns Benedict -restart (file missing)

O23 - Service: List of Values Job Server (BOBJProcessServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procLov.exe" -service -name Benedict.ListOfValuesJobServer -ns Benedict -objectType CrystalEnterprise.MetaData.MetaDataRepositoryInfo -lib procLOV -restart -jsTypeDescription "List of Values Job Server (file missing)

O23 - Service: Program Job Server (BOBJProgramServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProgramServer.exe" -service -name Benedict.programjobserver -ns Benedict -objectType CrystalEnterprise.Program -lib procProgram -restart -jsTypeDescription "Program Job Server (file missing)

O23 - Service: Web Intelligence Job Server (BOBJWebiServer) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procWebi.exe" -service -name Benedict.Web_IntelligenceJobServer -ns Benedict -objectType CrystalEnterprise.Webi -lib procwebi -restart -jsTypeDescription "Web Intelligence Job Server (file missing)

O23 - Service: Web Intelligence Report Server (BOBJWICDZ) - Unknown owner - F:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\WIReportServer.exe" -service -name Benedict.Web_IntelligenceReportServer -ns Benedict -restart (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - g:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)

O23 - Service: OracleMTSRecoveryService - Unknown owner - G:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (file missing)

O23 - Service: OracleServiceXE - Unknown owner - g:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (file missing)

O23 - Service: OracleXEClrAgent - Unknown owner - G:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe (file missing)

O23 - Service: OracleXETNSListener - Unknown owner - G:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: wampapache - Unknown owner - g:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - g:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

0

Comments

2 comments

Date Votes
  • Customer

    * Please remove these entries from Add/Remove Programs in the Control Panel(if present):

    To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.

    myway

     

    If you aren't really using Logitech Desktop Messenger, you can uninstall it because it's slowing down your computer and it only searches for updates for your Logitech products, but you can update perfect manually without slowing down your computer.

     

    Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

     

    Updating Java:


    • Download the latest version of Java Runtime Environment (JRE) 6.


    • Scroll down to where it says "Java Runtime Enviroinment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".


    • Click the "Download" button to the right.


    • Check the box that says: "Accept License Agreement".


    • The page will refresh.


    • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).


    • Close any programs you may have running - especially any web browsers.


    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.


    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.


    • Click the Remove or Change/Remove button.


    • Repeat as many times as necessary to remove each Java versions.


    • Reboot your computer once all Java components are removed.


    • Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version.



    * Run Hijackthis again, click scan, and Put a checkmark next to each of these if they still present.

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

    O3 - Toolbar: Nutshell - {7BA7B95F-9B92-4132-8012-E19B585CAF21} - g:\Program Files\nutshell\nutshell.dll (file missing)

    O4 - HKCU\..\Run: [third soap] C:\DOCUME~1\Bobby\APPLIC~1\SETTIN~1\tons date 4.exe

     

    * After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

     

    * Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

     

    * Reconfigure Windows XP to show hidden files:

    Click Start. Open My Computer.

    Select the Tools menu and click Folder Options. Select the View Tab.

     

    Under the Hidden files and folders heading select "Show hidden files and folders".

    Uncheck the "Hide protected operating system files (recommended)" option.

    Uncheck the "Hide file extensions for known file types" option.

    Click Yes to confirm. Click OK.

     

    * delete following folder:

     

    C:\DOCUMENTS AND SETTINGS\Bobby\APPLICATION DATA\SETTIN~1 <== the folder that begins with the characters 'SETTIN'

     

    * boot back to normal

     

    * Please run Notepad and copy the following text into a new file:

     

    dir %Windir%\tasks /a h > files.txt
    
notepad files.txt


     

    Save the file to the desktop as findjobs.bat and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on findjobs.bat, notepad will pop-up, post the content of it here with a new hijackthis log.

    0
  • Customer

    You are infected with Lop aka C2Media, adware.lop

     

    Lop is an advertising program that uses odd names like "listdart.exe" or "tons date 4.exe" or "Meow dupe.exe", it injects code into internet explorer, shows popup ads (often for non-legitimate products/programs), uses a number of ways to automatically reinstall, aggressively fights removal, and automatically updates.

     

     

    Download nolop

     

    save anything you are working on and prepare for a possible reboot

    run nolop.exe

    click the button "search and destroy"

    when it's done it will prompt you to reboot if you are infected.

    click the "reboot" button.

     

    Post the log which is saved to c:\nolop.log and another hijackthis log.

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post