Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfixer/virtumondo/vtuts.dll


  • This topic is locked This topic is locked
8 replies to this topic

#1 lnlyhrt

lnlyhrt

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 01 July 2006 - 11:33 PM

This is the first time I've posted a hijack this log - first time I've used it. It started out with SpywareQuake and another one (the name of which I've already forgotten.) Have run everything I can - my virus scanner, online scanners, TrendMicro, Panda, bought PestPatrol, AdAware, Spybot. They haven't helped. Am getting the popups saying my computer is being scanned, etc. I also have SpywareGuard and every time I start my computer I get a message that something is trying to put in a BHO; if I say don't allow it, it just keeps coming back, no matter how many times I deny access. When this happens it says "n/a" for originating program, or that it is from c:/windows/system32/vtuts.dll.My wireless signal is "excellent" but my little monitor icon says signal strength is "low". Also, today I have had a lot of spontaneous cutoffs of my laptop. There may be something hardware going on as well as software.

Sorry to be longwinded, wanted to include anything that might seem pertinent. Also, ignore the date, it is July 2 but for some reason now the time on my laptob reads July 3. Please help if you can! I am at my wit's end.


Logfile of HijackThis v1.99.1
Scan saved at 12:05:20 AM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Desktop Architect\datray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\CYNDI\My Documents\Unzipped\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.givesmart.com/GiveSmart/givesmart.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [netdaemon] C:\WINDOWS\system32\netdaemon /v
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://atlantis9.bigfishgames.com/Reef/en_...e/14/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://atlantis7.bigfishgames.com/Reef/en_...ploader_v10.cab
O18 - Protocol: bw+0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:17 AM

Posted 02 July 2006 - 05:35 AM

Hello there and welcome to BleepingComputer,

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there. Then please right click on HijackThis.exe and click on rename. Rename the program to analyse.exe. Then open analyse.exe and you will recieve the Hijackthis interface - please run a system scan and post its log.

David

#3 lnlyhrt

lnlyhrt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 02 July 2006 - 06:58 AM

Here is a copy of the report that came up in Notepad after doing what you said above. Thanks!



Logfile of HijackThis v1.99.1
Scan saved at 7:52:42 AM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Desktop Architect\datray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\HiJackThis\analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.givesmart.com/GiveSmart/givesmart.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0EA-EC6BF4D5FA7D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {698BBA9C-0316-4669-A2EA-5A37F8601FA6} - (no file)
O2 - BHO: (no name) - {717F66A4-03F6-4A00-90E9-9158701D7A94} - (no file)
O2 - BHO: (no name) - {73C9AAA1-2960-4F32-9C37-47921319FB5B} - (no file)
O2 - BHO: (no name) - {8E518662-1165-40CD-AFB2-338A9464BEF8} - (no file)
O2 - BHO: (no name) - {9527E450-D666-11E3-B8ED-00600938CE5F} - (no file)
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {CF27D172-4C86-4B7E-B7B8-5D5C52079A93} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {FFBF98E0-2F4C-4263-A84C-9058CFE59502} - (no file)
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [netdaemon] C:\WINDOWS\system32\netdaemon /v
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://atlantis9.bigfishgames.com/Reef/en_...e/14/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://atlantis7.bigfishgames.com/Reef/en_...ploader_v10.cab
O18 - Protocol: bw+0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:17 AM

Posted 02 July 2006 - 12:38 PM

Hey lnlyhrt,
Your infection was hiding - but we found it!

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens,Click Scan for Vundo button.
  • Once the scan is complete,Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 2 entries below into the top 2 boxes
    • C:\WINDOWS\system32\vtuts.dll
    • C:\WINDOWS\system32\stutv.*
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
David

#5 lnlyhrt

lnlyhrt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 02 July 2006 - 06:36 PM

Here is the Vundo.txt:


VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.4.2.5

Scan started at 7:23:25 PM 7/2/2006

Listing files found while scanning....


C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\vtuts.dll
Attempting to delete C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Has been deleted!

Performing Repairs to the registry.
Done!


And here is the new HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 7:33:56 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis\analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.givesmart.com/GiveSmart/givesmart.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0EA-EC6BF4D5FA7D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {698BBA9C-0316-4669-A2EA-5A37F8601FA6} - (no file)
O2 - BHO: (no name) - {717F66A4-03F6-4A00-90E9-9158701D7A94} - (no file)
O2 - BHO: (no name) - {73C9AAA1-2960-4F32-9C37-47921319FB5B} - (no file)
O2 - BHO: (no name) - {8CAD828D-8EAA-4A93-BFD6-1720F44A7E20} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {8E518662-1165-40CD-AFB2-338A9464BEF8} - (no file)
O2 - BHO: (no name) - {9527E450-D666-11E3-B8ED-00600938CE5F} - (no file)
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {FFBF98E0-2F4C-4263-A84C-9058CFE59502} - (no file)
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [netdaemon] C:\WINDOWS\system32\netdaemon /v
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://atlantis9.bigfishgames.com/Reef/en_...e/14/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://atlantis7.bigfishgames.com/Reef/en_...ploader_v10.cab
O18 - Protocol: bw+0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


So far, so good!!!! The attempt to add a BHO when I turned the comp back on didn't show up.

David, I think you ROCK!

Thanks very much from Jacksonville, Florida.

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:17 AM

Posted 03 July 2006 - 12:34 PM

Hey lnlyhrt,
Great to hear the computer is running better! :thumbsup:
Just a bit of clearing up to do.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0EA-EC6BF4D5FA7D} - (no file)
O2 - BHO: (no name) - {698BBA9C-0316-4669-A2EA-5A37F8601FA6} - (no file)
O2 - BHO: (no name) - {717F66A4-03F6-4A00-90E9-9158701D7A94} - (no file)
O2 - BHO: (no name) - {73C9AAA1-2960-4F32-9C37-47921319FB5B} - (no file)
O2 - BHO: (no name) - {8CAD828D-8EAA-4A93-BFD6-1720F44A7E20} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {8E518662-1165-40CD-AFB2-338A9464BEF8} - (no file)
O2 - BHO: (no name) - {9527E450-D666-11E3-B8ED-00600938CE5F} - (no file)
O2 - BHO: (no name) - {FFBF98E0-2F4C-4263-A84C-9058CFE59502} - (no file)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O18 - Protocol: bw+0 - {DB835812-6035-4DD5-BF15-82B7E89B23D6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll <--all entries like this.
O20 - Winlogon Notify: vtuts - C:\WINDOWS\


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

As with all malware like this, it never comes alone and there are probably infected files left on your computer. Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply by using Add Reply.

David

#7 lnlyhrt

lnlyhrt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 04 July 2006 - 09:32 PM

Incident Status Location

Adware:adware/securityerror Not disinfected C:\Documents and Settings\CYNDI\Favorites\Antivirus Test Online.url
Adware:Adware/MediaBack Not disinfected C:\Documents and Settings\CYNDI\My Documents\Downloads\emule-1.0.5.exe[ntsd32.exe][localsplnet.dll]
Virus:Trj/Downloader.AUA Not disinfected C:\Documents and Settings\CYNDI\My Documents\Downloads\emule-1.0.5.exe[ntsd32.exe][sysdebug32.exe]
Virus:Trj/Killav.AH Not disinfected C:\Documents and Settings\CYNDI\My Documents\Downloads\emule-1.0.5.exe[ntsd32.exe][netdaemon.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\10317_530f4e032_[cookies.txt][.atdmt.com/]
Dialer:dialer.avv Not disinfected C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
Adware:Adware/MediaBack Not disinfected C:\WINDOWS\system32\ntsd32.exe[localsplnet.dll]
Virus:Trj/Downloader.AUA Not disinfected C:\WINDOWS\system32\ntsd32.exe[sysdebug32.exe]
Virus:Trj/Killav.AH Not disinfected C:\WINDOWS\system32\ntsd32.exe[netdaemon.exe]


The report was way too long to post - I left one cookie in, as an example, but deleted the others. With them in it was about 3 times larger than is allowed.

Thanks so much again!

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:17 AM

Posted 05 July 2006 - 03:43 PM

Hey lnlyhrt,
Thanks for shortening the log, it helps a lot.

Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now search and delete:

C:\Documents and Settings\CYNDI\Favorites\Antivirus Test Online.url
C:\Documents and Settings\CYNDI\My Documents\Downloads\emule-1.0.5.exe
C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
C:\WINDOWS\system32\ntsd32.exe

Go to start > run and type regsvr32 occache.dll

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please reboot and let me know how the computer is running.
Problem sovled here I think :thumbsup:
David

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:17 AM

Posted 04 August 2006 - 03:56 AM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users