Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need analysis


  • Please log in to reply
1 reply to this topic

#1 help123

help123

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:02 PM

Posted 20 September 2005 - 02:13 PM

I have been using all these anti virus antispyware and anti adware but getting no were can hardly type this from all the popups pls help. I did this in safe mode hope i did it right.

Logfile of HijackThis v1.99.1
Scan saved at 2:57:40 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwebzone.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50196
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CA4CA9F9-C0E6-E28B-C54A-5C5376E4338A} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ctbidll] C:\WINDOWS\ctbidll.EXE
O4 - HKLM\..\Run: [ctbienc] C:\WINDOWS\ctbienc.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [wjvkudn] C:\WINDOWS\wjvkudn.EXE
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\system32\mediapluscash.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [sys025182495311] C:\WINDOWS\sys025182495311.exe
O4 - HKLM\..\Run: [AVTray] "C:\Program Files\WinAntiVirus 2006 Pro\AVTray.exe"
O4 - HKLM\..\Run: [rdsodll] C:\WINDOWS\rdsodll.EXE
O4 - HKLM\..\Run: [ypoyenc] C:\WINDOWS\ypoyenc.EXE
O4 - HKLM\..\Run: [Media Gateway] C:\DOCUME~1\Owner\LOCALS~1\Temp\MediaGateway.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ll4ldk.exe reg_run
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ovdd] C:\WINDOWS\ofurfhu.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [96k7avii] C:\WINDOWS\system32\96k7avii.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [ms048249531151] C:\WINDOWS\ms048249531151.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [MediaGateway.exe] C:\WINDOWS\system32\MediaGateway.exe
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [ov/fNb9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofurfhu.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gdehwv] C:\WINDOWS\gdehwv.exe
O4 - HKLM\..\Run: [ProSiteFinder] "C:\Program Files\ProSiteFinder\ProSiteFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe
O4 - HKCU\..\Run: [qiko] C:\PROGRA~1\COMMON~1\qiko\qikom.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SysCheck32] C:\WINDOWS\SysCheckBop32.exe
O4 - HKCU\..\Run: [dplbex] C:\WINDOWS\system32\dplbex.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{BE371361-4E24-491F-873E-E93392F97E58}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O4 - Startup: Registration Brothers In Arms.LNK = L:\Support\Register\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: nnpn.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTes...Xproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125888296531
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/237/webolr/OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\MBC71ESP.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pwyrrkk.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ctbisvc.exe

BC AdBot (Login to Remove)

 


#2 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 25 September 2005 - 03:42 AM

Hi help123,

Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups.
If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.

How do you make a permanent folder:

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

You're running from Safe Mode, please post a log from Normal Mode. Safe Mode doesn't load everything, and what I can't see, I can't fix.

Download LQfix.exe and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and doubleclick ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

Check your computer with the following free anti-virus/anti-trojan products.

Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender

Post all the logs you can save from these and a fresh log from HijackThis.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users