Surfsidekick3 is not deleting


  • This topic is locked
4 replies to this topic

#1 lickazacious

lickazacious

  • Members
  • 2 posts

Posted 09 October 2005 - 11:46 PM

So here's my hijack this log. Any help anyone could give me would be very much appreciated. I have already tried to delete surfsidekick3 a number of different ways, but it doesn't seem to work. I have tried to delete the actual program from program files, but it says the file is being used. I even tried deleting it in safe mode. It also creates and continually creates another program that my yahoo anti-spy calls apropos, which it says is a dialer and I have also tried deleting this, but it also recreates itself. The other one that recreates itself is 180searchassistant. I don't think it's quite so bad as the surfsidekick3, but I'm not sure which of the three is the real problem. Thank you again.

Logfile of HijackThis v1.99.1
Scan saved at 9:37:40 PM, on 10/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ckrqh\opxyope.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/ac...ampaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.integrity.com:80
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {6AA73731-AE85-AA01-86BA-F70A0159A5B7} - C:\WINDOWS\System32\gmjsn.dll
O2 - BHO: (no name) - {91AA2E8E-D6F6-F3D4-726A-AF22C62FBF33} - C:\WINDOWS\System32\hkqxktnw\jsjqamiu.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: SDWin32 Class - {A71B1C71-7F37-4413-877A-22B05A518656} - C:\WINDOWS\System32\ivuqg.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll
O3 - Toolbar: Lyric Bar - {9AD83196-4AF7-4f08-8C6F-B763DB67F2D9} - C:\PROGRA~1\RARELY~1\lyricbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [xyyi] C:\WINDOWS\System32\xyyi.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [uibnz] C:\WINDOWS\System32\uibnz.exe
O4 - HKLM\..\Run: [cwiinn] C:\WINDOWS\System32\cwiinn.exe
O4 - HKLM\..\Run: [vrydt] C:\WINDOWS\System32\vrydt.exe
O4 - HKLM\..\Run: [vfniqk] C:\WINDOWS\System32\vfniqk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\dzgidu.exe reg_run
O4 - HKLM\..\Run: [iparqh] C:\WINDOWS\iparqh.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cashplusmedia1.exe] C:\WINDOWS\System32\cashplusmedia1.exe
O4 - HKLM\..\Run: [ivuqgc] C:\WINDOWS\System32\ivuqgc.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\Run: [vprsbeh] C:\WINDOWS\System32\tasxsc\vprsbeh.exe
O4 - HKLM\..\Run: [apbonm] C:\WINDOWS\System32\jwunyr\apbonm.exe
O4 - HKLM\..\Run: [wfalnhe] C:\WINDOWS\System32\vpcgdb\wfalnhe.exe
O4 - HKLM\..\Run: [fiimrvkp] C:\WINDOWS\System32\mvcbhnwk\fiimrvkp.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [opxyope] C:\WINDOWS\System32\ckrqh\opxyope.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [djgk] C:\WINDOWS\System32\djgk.exe
O4 - HKLM\..\Run: [vqwe] C:\WINDOWS\System32\vqwe.exe
O4 - HKLM\..\Run: [omy] C:\WINDOWS\System32\omy.exe
O4 - HKLM\..\Run: [oom] C:\WINDOWS\System32\oom.exe
O4 - HKLM\..\Run: [rddb] C:\WINDOWS\System32\rddb.exe
O4 - HKLM\..\Run: [eci] C:\WINDOWS\System32\eci.exe
O4 - HKLM\..\Run: [azus] C:\WINDOWS\System32\azus.exe
O4 - HKLM\..\Run: [ygkkbkw] C:\WINDOWS\System32\ygkkbkw.exe
O4 - HKLM\..\Run: [xiff] C:\WINDOWS\System32\xiff.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [ndkmtv] C:\WINDOWS\System32\ndkmtv.exe
O4 - HKLM\..\Run: [ljptt] C:\WINDOWS\System32\dufphg\ljptt.exe
O4 - HKLM\..\Run: [masklv] C:\WINDOWS\System32\mntejfht\masklv.exe
O4 - HKLM\..\Run: [ynqs] C:\WINDOWS\System32\tfgfl\ynqs.exe
O4 - HKLM\..\Run: [cth] C:\WINDOWS\System32\cth.exe
O4 - HKLM\..\Run: [fkj] C:\WINDOWS\System32\fkj.exe
O4 - HKLM\..\Run: [dbh] C:\WINDOWS\System32\dbh.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [cfz] C:\WINDOWS\System32\cfz.exe
O4 - HKLM\..\Run: [zex] C:\WINDOWS\System32\zex.exe
O4 - HKLM\..\Run: [jassb] C:\WINDOWS\System32\jassb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: rcui.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm114XXUS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\RARELY~1\lyricbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\RARELY~1\lyricbar.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27DE19AB-8F61-4300-A1C3-8F736AE54950}: NameServer = 64.136.173.5 64.136.164.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{27DE19AB-8F61-4300-A1C3-8F736AE54950}: NameServer = 64.136.173.5 64.136.164.46
O18 - Protocol: bw+0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {76D13324-C891-422E-8FC4-3996892747FB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: repairs302972943.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: opxyopeckrqh - Unknown owner - C:\WINDOWS\System32\ckrqh\opxyope.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,735 posts
  • Gender:Male
  • Location:Upper Midwest, US

Posted 12 October 2005 - 10:16 AM

Hello lickazacious and welcome to BleepingComputer.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.


Download and install the trial version of Ewido Security Suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch Ewido; there should be an icon on your desktop. Double-click it.
- When you run Ewido for the first time, you will get a warning "Database could not be found!".
- The program will prompt you to update; click the OK button.
- The program will now go to the main screen.
- On the left hand side of the main screen click update.
- Click on Start.
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido.


Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
- Save it to your desktop but do NOT run it yet.


Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Run Ewido Security Suite:
- Click on scanner.
- Click on Complete System Scan.
- Let the program scan the machine.

When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
- Click Save report.
- Save the report to your desktop.


Now, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode. Post a new HijackThis log, and the Ewido report, along with the entire contents of the log.txt file in the aproposfix folder.
Derfram
~~~~~~

#3 lickazacious

lickazacious
  • Topic Starter

  • Members
  • 2 posts

Posted 13 October 2005 - 02:32 AM

It completely worked. I can't thank you enough. Oddly, I couldn't remember where I saved the ewido report. If you have any idea what it would be called, I'll see if I can find it to post that report as well. Thank you so much. I thought my computer was trashed.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:49 AM, on 10/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\InterMute\IMStart.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...le=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...lts/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/ac...h_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.integrity.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll
O3 - Toolbar: Lyric Bar - {9AD83196-4AF7-4f08-8C6F-B763DB67F2D9} - C:\PROGRA~1\RARELY~1\lyricbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm114XXUS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...p/insaniquarium/popcaploader_v6.cab
O18 - Protocol: bw+0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B}

- C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {76D13324-C891-422E-8FC4-3996892747FB} - C:

\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {76D13324-C891-422E-8FC4-3996892747

FB} - C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Owner\My Documents\Ashley Internet\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

#4 ddeerrff

Posted 13 October 2005 - 11:00 AM

Good progress but much remains to clean.

The default location for your Ewido log would be in the "C:\Program Files\ewido\security suite\Reports" folder. Please post it if you find it there.

Did you knowingly install the "Rare Lyrics" toolbar?


Open the Control Panel then double click on Add/Remove Programs. Look for the following and uninstall them if found:
- MyWebSearch
- Accoona


Configure Windows to enable viewing of Hidden and System files.

Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/ac...ampaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O1 - Hosts: 216.39.69.102 view.atdmt.com

O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm114XXUS

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

With ALL OTHER WINDOWS CLOSED, click on Fix Checked.


Open Windows Explorer (Windows key+e), navigate to and delete the following files and folders (Don't be concerned if they can not be found):

C:\WINDOWS\System32\ap9h4qmo.exe <--File

C:\Program Files\Accoona\ <--Folders
C:\Program Files\MyWebSearch\


Open Notepad (Start button, click on Run, type in Notepad, and click OK), then copy & paste the following block of text into Notepad.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"ap9h4qmo.exe"=-

Click on 'File', then 'Save as'
Select 'Save as type:' as All Files,
Save the file to the desktop as fix.reg. Close Notepad.

Then double-click on the fix.reg file, and when it prompts to merge say yes.


Reboot and post a fresh HJT log along with the earlier Ewido report if available.

Edited by ddeerrff, 13 October 2005 - 01:11 PM.

Derfram
~~~~~~
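
The "if they still show" check in post #4, and the comparison against the fresh log it asks for, can be done mechanically. The following Python example is added here and is not part of ddeerrff's post or of HijackThis; it rejoins hard-wrapped entries like those in the log in post #3 and treats the forum's "..." URL shortening as a wildcard. The function names are hypothetical and the fresh log is constructed sample data.

```python
import re

# A HijackThis entry opens with a section code such as "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def unwrap_entries(log_text):
    """Rejoin entries that were hard-wrapped when the log was pasted.

    A non-blank line that does not open with a section code is treated as
    the continuation of the entry before it. The header and process list,
    which precede the first entry, are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def normalize(entry):
    """Drop all whitespace and fold case, so a wrap inside a path or URL
    (where no space belongs) compares equal to the unwrapped entry."""
    return re.sub(r"\s+", "", entry).casefold()


def flagged_pattern(flagged):
    """Compile a flagged line into a prefix pattern. The forum's "..."
    shortening becomes a wildcard; prefix matching tolerates stray text
    glued onto the last entry, at the cost of also matching longer values."""
    parts = [re.escape(normalize(p)) for p in flagged.split("...")]
    return re.compile(".*".join(parts))


def still_present(flagged_lines, fresh_log):
    """Return the flagged lines that still match an entry in fresh_log."""
    entries = [normalize(e) for e in unwrap_entries(fresh_log)]
    remaining = []
    for flagged in flagged_lines:
        pattern = flagged_pattern(flagged)
        if any(pattern.match(e) for e in entries):
            remaining.append(flagged)
    return remaining


# A few of the lines flagged in post #4, copied as posted (URL shortened).
FLAGGED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=wdz0605",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com",
    r"O1 - Hosts: 216.39.69.102 view.atdmt.com",
    r"O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe",
    r"O15 - Trusted Zone: http://www.neededware.com",
]

# Constructed "fresh" log, hard-wrapped the way the log in post #3 was.
CONSTRUCTED_FRESH_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http

://www.accoona.com/search_assistant/accoona_search_assistant.jsp?

&utm_id=400005&utm_campaign=wdz0605
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http

://www.yahoo.com/?.home=ytie
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\Sys

tem32\ap9h4qmo.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

if __name__ == "__main__":
    for line in still_present(FLAGGED, CONSTRUCTED_FRESH_LOG):
        print("still present:", line)
```

An entry reported as still present after Fix Checked and a reboot means something is rewriting it, which is the re-creation behaviour described in the first post.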

#5 ddeerrff

Posted 28 October 2005 - 04:36 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Derfram
~~~~~~



