Abetterinternet.nail Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Abetterinternet.nail Removal

Options

BenNBama View Member Profile	Jul 26 2006, 02:16 PM Post #1
New Member Group: Members Posts: 6 Joined: 26-July 06 Member No.: 77,936	I have made several attempts to remove the ABetterInternet.Nail spyware from my PC without any luck. Could you PLEASE help?!?! Thanks! Logfile of HijackThis v1.99.1 Scan saved at 2:05:38 PM, on 7/26/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINNT\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINNT\system32\mobsync.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\iPod\bin\iPodService.exe c:\progra~1\intern~1\iexplore.exe C:\CFGSAFE\AUTOCHK.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Documents and Settings\BHadle01.MMS\My Documents\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\xydyg.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,jtjdryv.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {35EB9C91-1CA6-11d5-8B2B-00C04F779127} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {913F1590-0B6F-3DD3-A467-FB2FC58A716B} - C:\DOCUME~1\BHadle01.MMS\APPLIC~1\BALMGR~1\amok bat.exe (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [file upload up lite] C:\Documents and Settings\All Users\Application Data\modesetupfileupload\Boobteam.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Meet Gram] C:\DOCUME~1\BHadle01.MMS\APPLIC~1\MfcdByte\amen axis.exe O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=MEDIAGEN O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab? O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Morrison.CompassGroup.Corp O17 - HKLM\Software\..\Telephony: DomainName = Morrison.CompassGroup.Corp O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Morrison.CompassGroup.Corp O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Morrison.CompassGroup.Corp O18 - Protocol: bw+0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Buckeye_Sam View Member Profile	Jul 26 2006, 05:16 PM Post #2
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply. Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

BenNBama View Member Profile	Jul 27 2006, 09:34 AM Post #3
New Member Group: Members Posts: 6 Joined: 26-July 06 Member No.: 77,936	Hi Sam! Thanks so much for the fast response. I ran the executable and below are the results... Start Time= Thu 07/27/2006 9:20:33.18 Running from: C:\Documents and Settings\BHadle01.MMS\Desktop ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))) 9:25:12.01 Not all files found by this method are bad. There may be legitimate files found This log should be examined by a trained analyst * * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * * C:\WINNT\system32\iplugt.exe C:\WINNT\system32\iplugt.exe C:\WINNT\system32\xydyg.exe C:\WINNT\system32\jtjdryv.exe * * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * * C:\WINNT\system32\xydyg.exe C:\WINNT\system32\owluxch.dll C:\WINNT\system32\owluxch.dll C:\WINNT\system32\nmbxs.dat C:\WINNT\system32\jtjdryv.exe C:\WINNT\system32\iplugt.exe C:\WINNT\system32\iplugt.exe C:\WINNT\system32\iplugt.exe C:\WINNT\gkscx.dll C:\Documents and Settings\All Users\Start Menu\Programs\Startup\awxvn.exe * * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 2006-06-02 14:54:50 127,488 "C:\WINNT\system32\iplugt.exe" 2006-06-02 14:54:52 28,672 "C:\WINNT\system32\xydyg.exe" 2006-05-09 10:50:00 124,376 "C:\WINNT\system32\wuauclt.exe" 2006-06-02 14:54:52 23,552 "C:\WINNT\system32\jtjdryv.exe" 2006-05-09 10:50:00 1,347,544 "C:\WINNT\system32\wuaueng.dll" 2006-05-09 10:50:00 127,448 "C:\WINNT\system32\wucltui.dll" 2006-06-02 14:54:52 51,712 "C:\WINNT\system32\owluxch.dll" 2006-05-09 10:50:00 465,368 "C:\WINNT\system32\wuapi.dll" 2006-05-09 10:50:00 18,392 "C:\WINNT\system32\wups2.dll" 2006-05-09 10:50:00 174,040 "C:\WINNT\system32\wuweb.dll" 2006-06-02 14:54:52 127,488 "C:\WINNT\system32\nmbxs.dat" 2006-07-27 09:24:22 661 "C:\WINNT\gkscx.dll" 2006-06-02 15:01:24 64 "C:\WINNT\tyiin.dll" 2006-06-02 14:54:50 53 "C:\WINNT\nlqqoo.dat" 2006-06-02 14:54:50 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\awxvn.exe" * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * * 06/02/2006 02:54 PM 127,488 nmbxs.dat.vir 06/02/2006 02:54 PM 127,488 iplugt.exe.vir 06/02/2006 02:54 PM 127,488 awxvn.exe.vir 06/02/2006 02:54 PM 51,712 owluxch.dll.vir 06/02/2006 02:54 PM 28,672 xydyg.exe.vir 06/02/2006 02:54 PM 23,552 jtjdryv.exe.vir 06/02/2006 03:01 PM 64 tyiin.dll.vir 06/02/2006 02:54 PM 53 nlqqoo.dat.vir DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO * * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 2006-05-09 10:50:00 124,376 "C:\WINNT\system32\wuauclt.exe" 2006-05-09 10:50:00 1,347,544 "C:\WINNT\system32\wuaueng.dll" 2006-05-09 10:50:00 127,448 "C:\WINNT\system32\wucltui.dll" 2006-05-09 10:50:00 465,368 "C:\WINNT\system32\wuapi.dll" 2006-05-09 10:50:00 18,392 "C:\WINNT\system32\wups2.dll" 2006-05-09 10:50:00 174,040 "C:\WINNT\system32\wuweb.dll" 2006-07-27 09:24:22 661 "C:\WINNT\gkscx.dll" (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-27 09:24:22 661 ( A.... ) "C:\WINNT\gkscx.dll" 2006-07-26 14:33:54 ( .D... ) "C:\Program Files\Secway" 2006-07-21 15:01:02 ( .D... ) "C:\Documents and Settings\BHadle01.MMS\Application Data\Balm grey" 2006-07-21 15:00:46 ( .D... ) "C:\Program Files\MfcdByte" 2006-07-21 15:00:46 ( .D... ) "C:\Documents and Settings\BHadle01.MMS\Application Data\MfcdByte" 2006-07-21 15:00:24 ( .D... ) "C:\Program Files\Adverts" 2006-07-21 15:00:20 ( .D... ) "C:\Program Files\Messenger Plus! Live" 2006-06-30 13:53:12 ( .D... ) "C:\Program Files\iPod" 2006-06-16 14:34:44 48936 ( A..H. ) "C:\WINNT\system32\sirenacm.dll" 2006-05-09 10:50:00 1347544 ( A..H. ) "C:\WINNT\system32\wuaueng.dll" 2006-05-09 10:50:00 465368 ( A..H. ) "C:\WINNT\system32\wuapi.dll" 2006-05-09 10:50:00 198616 ( A..H. ) "C:\WINNT\system32\iuengine.dll" 2006-05-09 10:50:00 194520 ( A..H. ) "C:\WINNT\system32\wuaueng1.dll" 2006-05-09 10:50:00 174040 ( A..H. ) "C:\WINNT\system32\wuweb.dll" 2006-05-09 10:50:00 172504 ( A..H. ) "C:\WINNT\system32\wuauclt1.exe" 2006-05-09 10:50:00 127448 ( A..H. ) "C:\WINNT\system32\wucltui.dll" 2006-05-09 10:50:00 124376 ( A..H. ) "C:\WINNT\system32\wuauclt.exe" 2006-05-09 10:50:00 75736 ( A..H. ) "C:\WINNT\system32\cdm.dll" 2006-05-09 10:50:00 41432 ( A.... ) "C:\WINNT\system32\wups.dll" 2006-05-09 10:50:00 18392 ( A..H. ) "C:\WINNT\system32\wups2.dll" 2003-12-15 14:23:14 794 ( A.... ) "C:\Program Files\INSTALL.LOG" 2003-12-04 15:26:28 21952 ( ...H. ) "C:\Program Files\folder.htt" 2003-12-04 15:26:28 271 ( ..SH. ) "C:\Program Files\desktop.ini" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-26 11:17 1,073,074,176 C:\hiberfil.sys 2006-06-16 14:34 48,936 C:\WINNT\system32\sirenacm.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "Promon.exe"="Promon.exe" "tourpath"="regedit /s c:\\winnt\\tour.reg" "Synchronization Manager"="mobsync.exe /logon" "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\"" "file upload up lite"="C:\\Documents and Settings\\All Users\\Application Data\\modesetupfileupload\\Boobteam.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\"" "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart" "Yahoo! Pager"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "Meet Gram"="C:\\DOCUME~1\\BHadle01.MMS\\APPLIC~1\\MfcdByte\\amen axis.exe" "Simp"="C:\\Program Files\\Secway\\SimpLite-MSN 2.2\\SimpLite-MSN.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,d2,03,00,00,23,00,00,00,1c,01,00,00,27,01,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" Contents of the 'Scheduled Tasks' folder C:\WINNT\tasks\AF639F1F947C11C3.job Completion time: Thu 07/27/2006 9:27:55.64 ComboFix ver 06.07.15/27 - This logfile is located at C:\ComboFix.txt

Buckeye_Sam View Member Profile	Jul 27 2006, 07:16 PM Post #4
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	I need to see a different type of log from Hijackthis Run Hijackthis. Click on "Open the Misc Tools section". Next click on "Open uninstall manager". Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

BenNBama View Member Profile	Jul 28 2006, 08:39 AM Post #5
New Member Group: Members Posts: 6 Joined: 26-July 06 Member No.: 77,936	Here ya go... Access IBM Active Ports Ad-Aware SE Personal Adobe Download Manager 2.0 (Remove Only) Adobe Reader 7.0.8 APC PowerChute Personal Edition Cisco IP Communicator Cognos Series 7 Version 2 Cognos Windows Common Logon Server ConfigSafe Data Dynamics ActiveReports for .NET SP1 Desktop Weather by The Weather Channel Disk Manager 2000 Google Talk (remove only) Google Toolbar for Internet Explorer HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 IBM Assistant IBM International License Agreement Intel® PRO Ethernet Adapter and Software iTunes Java 2 Runtime Environment, SE v1.4.2 Lavasoft VX2 Cleaner LiveUpdate 2.0 (Symantec Corporation) Logitech Desktop Messenger Logitech SetPoint Macromedia Flash Player 8 Macromedia Shockwave Player Messenger Plus! Live & Sponsor Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB886906) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 -- Device Update 4.0 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Data Access Components KB870669 Microsoft Internet Explorer WebControls Microsoft Office Professional Edition 2003 Microsoft Office Visio Professional 2003 Microsoft Office XP Professional with FrontPage Microsoft Publisher 2002 Microsoft SQL Server 2000 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Visual SourceSafe 6.0 Microsoft Visual Studio .NET Enterprise Architect 2003 - English Musicmatch for Windows Media Player NTI Backup NOW! 4 NTI CD-Maker NTI DriveBackup! 3 Trial NVIDIA Windows 2000/XP Display Drivers QuickTime RealPlayer Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) SimpLite-MSN 2.2 SnagIt 7 SoundMAX Spybot - Search & Destroy 1.4 Symantec AntiVirus The Sims 2 Uninstall PC-Doctor Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Wal-Mart Music Downloads Store Weather Services Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinZip Yahoo! Messenger

Buckeye_Sam View Member Profile	Jul 28 2006, 06:19 PM Post #6
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs: Java 2 Runtime Environment, SE v1.4.2 <-- older version of java that is a security risk Messenger Plus! Live & Sponsor <-- this program installs a LOP infection on your computer. After you have done so, please click here and install the most recent version of Java. ============== Download FindLop. Unzip the file. It will create a folder. From the extracted files, locate findlop.bat and double click on it. It will generate a log file - C:\findlop.txt Find that file and copy the content into your next post along with a new HijackThis log. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

BenNBama View Member Profile	Jul 31 2006, 09:13 AM Post #7
New Member Group: Members Posts: 6 Joined: 26-July 06 Member No.: 77,936	content of findlop.txt : [TRACE] Enumerating jobs and queues HijackThis contents: Access IBM Active Ports Ad-Aware SE Personal Adobe Download Manager 2.0 (Remove Only) Adobe Reader 7.0.8 APC PowerChute Personal Edition Cisco IP Communicator Cognos Series 7 Version 2 Cognos Windows Common Logon Server ConfigSafe Data Dynamics ActiveReports for .NET SP1 Desktop Weather by The Weather Channel Disk Manager 2000 Google Talk (remove only) Google Toolbar for Internet Explorer HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 IBM Assistant IBM International License Agreement Intel® PRO Ethernet Adapter and Software iTunes J2SE Runtime Environment 5.0 Update 6 Lavasoft VX2 Cleaner LiveUpdate 2.0 (Symantec Corporation) Logitech Desktop Messenger Logitech SetPoint Macromedia Flash Player 8 Macromedia Shockwave Player Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB886906) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 -- Device Update 4.0 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Data Access Components KB870669 Microsoft Internet Explorer WebControls Microsoft Office Professional Edition 2003 Microsoft Office Visio Professional 2003 Microsoft Office XP Professional with FrontPage Microsoft Publisher 2002 Microsoft SQL Server 2000 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Visual SourceSafe 6.0 Microsoft Visual Studio .NET Enterprise Architect 2003 - English Musicmatch for Windows Media Player NTI Backup NOW! 4 NTI CD-Maker NTI DriveBackup! 3 Trial NVIDIA Windows 2000/XP Display Drivers QuickTime RealPlayer Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) SimpLite-MSN 2.2 SnagIt 7 SoundMAX Spybot - Search & Destroy 1.4 Symantec AntiVirus The Sims 2 Uninstall PC-Doctor Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Wal-Mart Music Downloads Store Weather Services Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinZip Yahoo! Messenger

Buckeye_Sam View Member Profile	Jul 31 2006, 02:32 PM Post #8
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Good sign! Please post a hijackthis log like the original log that you posted, not an uninstall list. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

BenNBama View Member Profile	Jul 31 2006, 02:49 PM Post #9
New Member Group: Members Posts: 6 Joined: 26-July 06 Member No.: 77,936	It does appear that I haven't had any pop-ups since the removal of the two programs! let's keep our fingers crossed! I really appreciate all your help! Here are the results of the hijackthis.log file: Logfile of HijackThis v1.99.1 Scan saved at 2:45:49 PM, on 7/31/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe c:\winnt\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINNT\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE c:\progra~1\common~1\instal~1\update~1\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Documents and Settings\BHadle01.MMS\My Documents\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {35EB9C91-1CA6-11d5-8B2B-00C04F779127} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {913F1590-0B6F-3DD3-A467-FB2FC58A716B} - C:\DOCUME~1\BHadle01.MMS\APPLIC~1\BALMGR~1\amok bat.exe (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\BHadle01.MMS\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe O4 - HKCU\..\RunOnce: [remititit29469] C:\WINNT\system32\command.com /c del C:\DOCUME~1\BHadle01.MMS\APPLIC~1\MfcdByte\6926.del O4 - HKCU\..\RunOnce: [remititit22969] C:\WINNT\system32\command.com /c del C:\DOCUME~1\BHadle01.MMS\APPLIC~1\MfcdByte\6926.del O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=MEDIAGEN O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab? O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Morrison.CompassGroup.Corp O17 - HKLM\Software\..\Telephony: DomainName = Morrison.CompassGroup.Corp O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Morrison.CompassGroup.Corp O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Morrison.CompassGroup.Corp O18 - Protocol: bw+0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {F99D43DC-5618-443E-919F-DF08312CA9FF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Buckeye_Sam View Member Profile	Jul 31 2006, 02:57 PM Post #10
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {35EB9C91-1CA6-11d5-8B2B-00C04F779127} - (no file) O2 - BHO: (no name) - {913F1590-0B6F-3DD3-A467-FB2FC58A716B} - C:\DOCUME~1\BHadle01.MMS\APPLIC~1\BALMGR~1\amok bat.exe (file missing) Reboot and you should be good to go! Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide Renable system restore with instructions from tutorial above Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

BenNBama View Member Profile	Jul 31 2006, 03:37 PM Post #11
New Member Group: Members Posts: 6 Joined: 26-July 06 Member No.: 77,936	Thanks Sam. YOU ROCK!!

Buckeye_Sam View Member Profile	Jul 31 2006, 03:40 PM Post #12
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Glad I could help you out! -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

Buckeye_Sam View Member Profile	Aug 17 2006, 08:06 PM Post #13
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides