HJT - brenttharp


3 replies to this topic

#1 brenttharp


Posted 10 July 2005 - 11:27 PM

Hi. I've used Cleanup, CWShredder, Ad-Aware, Microsoft Anti-Spy, Spy-Bot S&D, and Ewido on my machine, and still these stupid yieldmanager, paypopup and inqwire ads are showing up. Much less frequently, but every once in a while, and I don't know if I'm still hijacked or if it's just from visiting sites. I've put Ewido, Anti-Spy and Spyguard on active to hopefully prevent recurrence (it has happened through Limewire each time), but I want to make sure I'm clean now, or do what I need to finish it. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:43 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rrte\etsc.exe
C:\WINDOWS\system32\w?auboot.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [appload] C:\Program Files\gateway\HPA\brcdset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pnur] C:\Program Files\rrte\etsc.exe
O4 - HKCU\..\Run: [Sdkx] C:\WINDOWS\system32\w?auboot.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://remoteoffice.ge.com/qp2.cab,DanaInf...ge.com,CT=java+
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {186E51E5-96A2-4BC5-8858-581932C15F82} (CardPrintStub Class) - http://www.hpphoto.com/downloads/cardprint.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O18 - Protocol: bw+0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

Any help with removing spyware or other JUNK is much appreciated!

Thanks,
Brent



#2 Guest_Cretemonster_*


Posted 12 July 2005 - 06:01 AM

Hi Brent and Welcome to the Bleeping Computer!

Please get this file Scanned at the 2 sites listed below

C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

Scan here

http://www.virustotal.com/flash/index_en.html

http://virusscan.jotti.org/

Please post those results!


Please open Notepad, and copy and paste the code in the box below into a new text file. Save it as FindFile.bat on your Desktop.


rem Lists the file whether or not it is hidden (/a); the ? wildcard stands in
rem for the character that appears as ? in the HijackThis log.
dir C:\WINDOWS\system32\w?auboot.exe /a > files.txt
notepad files.txt


Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the results back here!


Go to Add\Remove Programs and Remove

ViewPoint

Get Ewido and Ad Aware Updated!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Locate and Delete the following if found

C:\WINDOWS\seeve.exe<< File!

C:\Program Files\rrte<< Folder!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe

O4 - HKCU\..\Run: [Pnur] C:\Program Files\rrte\etsc.exe

O4 - HKCU\..\Run: [Sdkx] C:\WINDOWS\system32\w?auboot.exe

O16 - DPF: Win32 Classes -

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Now Scan the System in Safe Mode with Cleanup-> Ewido-> Ad Aware!

In that order please and Save the Report from Ewido!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates

Post back with a fresh HijackThis log and the reports from Ewido-> Panda and the Text log from the FindFile.bat

Edited by Cretemonster, 12 July 2005 - 06:15 AM.


#3 brenttharp


Posted 14 July 2005 - 12:21 AM

Hi cretemonster!

I did all the stuff and (so far) no problems. Both of the online scan programs you had me run on iexplore.exe came back with no viruses.

I ran Panda, but then it got closed by mistake, so I ran it again after work, and it seemed to have a lot more infected files, oops. But at least the popups have stopped, so you got the most annoying one for me.

The following are the reports you asked me to post after finishing:

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:37 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [appload] C:\Program Files\gateway\HPA\brcdset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://remoteoffice.ge.com/qp2.cab,DanaInf...ge.com,CT=java+
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {186E51E5-96A2-4BC5-8858-581932C15F82} (CardPrintStub Class) - http://www.hpphoto.com/downloads/cardprint.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O18 - Protocol: bw+0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CBE2BE36-1D00-495C-95D0-A5A0E761ABA3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe




Ewido:

-------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:17:12 AM, 7/13/2005
+ Report-Checksum: 15CBC1BD

+ Scan result:

No infected objects found.


::Report End


Panda Report:

Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Austin\Application Data\Lycos
Spyware:Spyware/Media-motor No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\biK.inf
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll
Adware:Adware/CWS.AAA No disinfected C:\WINDOWS\SYSTEM32\WAUBOO~1.EXE
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\Shex.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\lvbdkb.dll
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bg.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\c.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\ce.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\q.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bi.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bl.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bo.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\i.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\r.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bt.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\b.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\d.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\f.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\l.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\s.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\a.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\m.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\n.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\j.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\p.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\w.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\x.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\y.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bu.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ba.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bb.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\be.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bf.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bh.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cb.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bj.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bk.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cf.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bn.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\bp.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\br.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bs.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ch.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bw.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\bx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\t.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\by.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ca.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cj.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cd.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cg.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cn.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ci.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\Main.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cu.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ck.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\co.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cs.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\cp.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\cq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\cr.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\ct.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\da.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\cz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\db.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\de.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\u.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dv.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\df.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\di.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\h.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dw.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dm.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dn.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dp.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dy.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dr.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ds.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\dt.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\LimeShop\System\Code\dz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\du.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\LimeShop\System\Code\ed.class
Adware:Adware/BrilliantDigital No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\20CAC04E-F3D0-4179-A95C-EC4954\1C5FC152-6CF0-4DA3-BCD9-C39A8C



Findfile.bat:

Volume in drive C has no label.
Volume Serial Number is 4ACE-5491

Directory of C:\WINDOWS\system32

06/29/2005 08:31 AM 401,408 w?auboot.exe
1 File(s) 401,408 bytes

Directory of C:\Documents and Settings\Austin\Desktop


Let me know if I am clean now, though it looks like I still have some junk happening.

I have one other question - of the various spyware guards that can run in the background, which should I use - Ewido, MS Anti-Spy, SpyGuard, or something else? I don't really want to run all of them, as it seems that will slow down the computer.

Thanks!!!

#4 Guest_Cretemonster_*

  • Guests

Posted 14 July 2005 - 08:11 AM

You can go ahead and Uninstall Ewido!

I think you will have more success with Microsoft AntiSpyware!


I want you to run this scan while in Safe Mode to check for files we can't visibly see!

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!


As you can see Limewire comes with a Price, I recommend removing it as soon as possible!

Please get this file scanned at the same 2 sites

C:\WINDOWS\SYSTEM32\lvbdkb.dll<< That just looks ugly!

Go to Safe Mode and Delete the following

OK, the tricky file first!

C:\WINDOWS\system32\w?auboot.exe<< The ? can be anything!

C:\WINDOWS\SYSTEM32\WAUBOO~1.EXE<< From Panda!

401,408 bytes or 392KB

Created on 06/29/2005 08:31 AM

When you place the pointer over the suspect file, the only info that will be displayed is Date Created and File Size!

Whereas a legit file will give you a Company Signature and a description along with the Date Created and File Size!


Now locate and Delete

C:\WINDOWS\system32\nsvsvc<< Folder

C:\Documents and Settings\Austin\Application Data\Lycos<< Folder

C:\WINDOWS\INF\biK.inf<< File

C:\WINDOWS\SYSTEM32\cd_clint.dll<< File

C:\WINDOWS\SYSTEM32\Shex.exe<< File

C:\WINDOWS\SYSTEM32\lvbdkb.dll<< pending scan results!


From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once the Scan is Complete-> Click "Copy to Clipboard" and Copy & Paste those Results to Notepad and place them in the next post!


Restart Normal and post a fresh HijackThis log along with the results of WinPFind!


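The "no company name, no description" check in the reply above can be automated. The script below is an added example, not code from this thread or from the WinPFind/HijackThis tools: it resolves the `?` wildcard the way the reply describes, then reports version metadata, Authenticode signature status, size, creation time and a SHA-256 hash (handy for submitting to online scanners) for each path named in the reply. It assumes Windows PowerShell 5.1 or later on a current Windows box, not the XP-era machine in the thread, and uses kernel32.dll as a known-good control file that is not part of the original post.

```powershell
# Added example (not from the thread): read-only triage of the files named in the reply.
# It deletes nothing; it only reports what the helper told the poster to look for.
# Assumes Windows PowerShell 5.1+ (Get-ChildItem -File, [pscustomobject], Get-FileHash).

$patterns = @(
    'C:\WINDOWS\system32\w?auboot.exe',   # ? matches any single character, as in the reply
    'C:\WINDOWS\SYSTEM32\lvbdkb.dll',
    'C:\WINDOWS\SYSTEM32\Shex.exe',
    'C:\WINDOWS\SYSTEM32\cd_clint.dll',
    'C:\WINDOWS\system32\kernel32.dll'    # known-good control (assumption, not in the thread)
)

function Get-FileTriage {
    param([string[]]$Patterns)

    foreach ($pattern in $Patterns) {
        # -Force includes hidden/system files; a missing path is reported, not fatal
        $files = Get-ChildItem -Path $pattern -File -Force -ErrorAction SilentlyContinue
        if (-not $files) {
            [pscustomobject]@{ Path = $pattern; Status = 'not found' }
            continue
        }
        foreach ($f in $files) {
            $vi  = $f.VersionInfo
            $sig = Get-AuthenticodeSignature -FilePath $f.FullName

            # The reply's heuristic: legit files carry a company name and description.
            # Version info can be forged, so a valid Authenticode signature outranks it.
            $hasMeta = (-not [string]::IsNullOrWhiteSpace($vi.CompanyName)) -or
                       (-not [string]::IsNullOrWhiteSpace($vi.FileDescription))
            $verdict = if ($sig.Status -eq 'Valid') { 'signed' }
                       elseif ($hasMeta) { 'has version info, unsigned' }
                       else { 'NO version info, unsigned - suspect' }

            [pscustomobject]@{
                Path        = $f.FullName
                Status      = $verdict
                SizeBytes   = $f.Length          # reply cites 401,408 bytes for w?auboot.exe
                Created     = $f.CreationTime    # reply cites 06/29/2005 08:31 AM
                Company     = $vi.CompanyName
                Description = $vi.FileDescription
                Signer      = $sig.SignerCertificate.Subject
                SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

Get-FileTriage -Patterns $patterns | Format-List
```

Run it from an elevated prompt so system32 files are readable; the output for the control file shows what a legitimately signed system binary looks like next to the suspects.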