Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Have Mirar Toolbar And Zedo And Surfsidekick. Help!


  • This topic is locked This topic is locked
2 replies to this topic

#1 barrett221

barrett221

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 25 July 2006 - 05:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:28:48 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\S2FzZXk\command.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\nfnqserA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Common Files\{C456B8F5-063A-1033-0910-010807010001}\Update.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Kasey\Application Data\?ymbols\?hkdsk.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\DllHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Kasey\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{648A7919-B586-9879-F443-9D2B55BBD0CF} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hbawy.exe
F2 - REG:system.ini: UserInit=userinit.exe,swhbkae.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [nfnqserA] C:\WINDOWS\nfnqserA.exe
O4 - HKLM\..\Run: [jxze747c] RUNDLL32.EXE w2900f2c.dll,n 001e747b000000032900f2c
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [sys11-1000949515] C:\WINDOWS\sys11-1000949515.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Ffvf] C:\Documents and Settings\Kasey\Application Data\?ymbols\?hkdsk.exe
O4 - HKCU\..\Run: [mmzw] C:\PROGRA~1\COMMON~1\mmzw\mmzwm.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Kasey\MYDOCU~1\SSTEM3~1\ntvdm.exe" -vt yazb
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: ComcastHSI - {3E564CDC-302D-4291-8A3D-27F7E5C7CB28} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {590D12F9-A229-454A-8027-859E2155DE09} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {A8968970-8403-40D5-B8D5-2FD0875F2D37} - http://www.comcastsupport.com (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O18 - Protocol: bw+0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {CF6B14E2-056E-43BE-A559-EA9A8FB395B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: PropertySystem - C:\WINDOWS\system32\j8j60i1se8.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FzZXk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 pomp

pomp

    Malware Fighter


  • Members
  • 362 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Jersey Shore
  • Local time:12:53 AM

Posted 26 July 2006 - 09:41 AM

hello. Please do all of the following:

Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
  • Unzip all files to a convenient location such as C:\Qoofix.
  • Go to the folder you unzipped all files and run Qoofix.exe.
  • Click Begin Removal and wait for the scan to finish.
  • If an infection has been found, select yes to restart your computer.
Download the Hoster Here
Please do not use program yet

Unzip Hoster to your desktop

Open up the Hoster program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore orginal host files
  • close program
1. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

3. Once in Safe Mode, go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows...

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe,
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.


Please post the contents of qoofix log, l2mfix log...


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD


#3 pomp

pomp

    Malware Fighter


  • Members
  • 362 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Jersey Shore
  • Local time:12:53 AM

Posted 25 August 2006 - 09:08 AM

Due to inactivity, this topic is now closed.
If you need it reopened please contact a moderator with a link to this thread to reopen it.
Everyone else start a new topic.


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users