Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winantvirus,nester & Starware Pop Ups Removal Assitance Requeted


  • This topic is locked This topic is locked
9 replies to this topic

#1 curlysinagain

curlysinagain

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 17 May 2007 - 11:22 AM

I have recently been infected and when browing the internet numerous pop ups shutting down explorer often. I don't recall making any changes or downloading anything particularly that may have started this but recently have had house guests using pc that may have helped in creating this problem. I haev Win 2000 and have allredy removed and downloaded 2 different antivirus programs since my first one AVG. Have tried Zonelabs and now Avast. the lat 2 see it but cannot remove it. I have run adaware and spybot but unable to have them remove as well. I recently loaded hijack this and created a log file that I am posting to see if anyione may be able to assist me.

This is my first problem post to any forum so if anything else is needed that i haven't explained please let me know.

Thanks Rebecca

Logfile of HijackThis v1.99.1
Scan saved at 11:12:23 AM, on 5/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InternetShield] C:\Program Files\InternetShield\Internet.exe -CheckStartup
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 17 May 2007 - 11:53 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum curlysinagain :thumbsup:

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*******************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE" using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

*******************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 curlysinagain

curlysinagain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 17 May 2007 - 07:31 PM

Okay I have done all that you indicated and DrWebs results are.....

adgyfhyp.dll;c:\winnt\system32;Trojan.Virtumod;Deleted.;
awtsp.dll;c:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
mbqmfphp.dll;c:\winnt\system32;Trojan.Virtumod;Deleted.;
opnomjh.dll;c:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
Abexo registry cleaner.exe;C:\Documents and Settings\becky1\My Documents;Adware.SaveNow;Incurable.Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Moved.;
awtsp.dll;C:\WINNT\system32;Trojan.Virtumod;Will be cured after reboot.;
hmhxcweh.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
hyjksipx.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
nbnllipk.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
opnomjh.dll;C:\WINNT\system32;Trojan.Virtumod;Will be cured after reboot.;
tckvgdrk.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
wpbfmgnk.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;

Next Here is log file for ComboFix

"curlysinagain" - 05/17/2007 20:06:10 Service Pack 4
ComboFix 07-05.17.10.V - Running from: "C:\Documents and Settings\curlysinagain\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\fqflbviq.dll
C:\WINNT\system32\pstwa.bak1
C:\WINNT\system32\pstwa.bak2
C:\WINNT\system32\pstwa.ini
C:\WINNT\system32\awtsp.dll
C:\WINNT\system32\opnomjh.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\install.log
C:\install.log


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-17 ))))))))))))))))))))))))))))))))))


2007-05-17 19:20 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_298.dat
2007-05-17 17:51 <DIR> d-------- C:\DOCUME~1\CURLYS~1\DoctorWeb
2007-05-17 12:37 <DIR> d-------- C:\WINNT\BDOSCAN8
2007-05-17 11:11 <DIR> d-------- C:\unzipped
2007-05-17 10:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-05-17 10:28 1,060,864 --a------ C:\WINNT\system32\MFC71.dll
2007-05-17 09:48 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\Lavasoft
2007-05-15 16:48 94,424 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2007-05-15 16:48 90,112 --a------ C:\WINNT\system32\AVASTSS.scr
2007-05-15 16:48 85,952 --a------ C:\WINNT\system32\drivers\aswmon.sys
2007-05-15 16:48 689,280 --a------ C:\WINNT\system32\aswBoot.exe
2007-05-15 16:48 43,176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2007-05-15 16:48 31,560 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2007-05-15 16:48 23,352 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2007-05-15 16:48 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-11 06:13 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\Viewpoint
2007-05-04 17:38 <DIR> d---s---- C:\DOCUME~1\CURLYS~1\UserData
2007-05-04 11:19 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\Yahoo!
2007-05-04 11:05 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\Aim
2007-05-04 09:19 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\AOL
2007-05-04 09:18 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\Kinko's
2007-05-04 09:18 <DIR> d-------- C:\DOCUME~1\CURLYS~1\APPLIC~1\Help
2007-05-04 09:10 569,344 --ah----- C:\DOCUME~1\CURLYS~1\NTUSER.DAT
2007-05-03 01:48 512 --a------ C:\ScanSectorLog.dat
2007-05-03 01:44 5,503,264 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-05-03 01:44 116,256 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-05-02 23:06 27,268,248 --a------ C:\zaAvSetup_70_337_000_en.exe
2007-05-02 02:54 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-05-02 02:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-05-01 17:53 403,072 --a------ C:\aswclnr.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-15 00:00:05 4,212 ---ha-w C:\WINNT\system32\zllictbl.dat
2007-05-14 00:01:12 -------- d---a-w C:\Program Files\Common Files\AOL
2007-05-02 09:15:29 -------- d-----w C:\Program Files\Pure Networks
2007-05-02 08:40:35 -------- d---a-w C:\Program Files\Common Files\InstallShield
2007-05-02 08:40:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-02 08:00:54 -------- d-----w C:\Program Files\Yahoo!
2007-05-01 14:00:27 -------- d-----w C:\Program Files\Paltalk Messenger
2007-04-13 18:30:57 40,738,456 ----a-w C:\zlsSetup_70_337_000_en.exe
2007-04-13 17:31:03 103,984 ----a-w C:\WINNT\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINNT\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINNT\system32\drivers\atwpkt2.sys
2007-03-30 20:53:40 11,719,496 ----a-w C:\NapsterSetup-US-AOL-3.8.2.2.exe
2007-03-23 16:54:19 19,755,560 ----a-w C:\avg75free_446a965.exe
2007-03-22 13:41:04 -------- d-----w C:\Program Files\FYI
2007-03-21 05:01:59 -------- d---a-w C:\Program Files\America Online 9.0
2007-03-19 00:49:58 724,992 ----a-w C:\WINNT\iun6002.exe
2007-03-19 00:49:44 2,513,592 ----a-w C:\notrace-setup.exe
2007-02-26 14:46:32 19,170,000 ----a-w C:\avg75free_441a944.exe
2007-02-22 06:18:07 11,407,704 ----a-w C:\Setup_File_Print_FedEx_Kinkos.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [07-03-20 16:39 ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [01-04-16 16:39 ]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [05-05-31 01:04 ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [06-10-31 16:29 ]
{72488AA0-1C86-4364-ABD9-8CF32194B28a}=C:\WINNT\system32\eyjcoxab.dll []
{73CFABD6-C27F-4144-90E9-30D23A075D3f}=C:\WINNT\system32\pjlxujmf.dll []
{9566395F-43D2-4c64-B525-B501FFA276E2}=mscoree.dll []
{E744ECAF-CD31-FC3C-A8B4-3AD8E88A3F8C}=C:\Program Files\FYI\wciymfuyqp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [06-10-23 07:50 ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [02-12-10 18:54 ]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [02-12-10 19:32 ]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [02-12-10 19:31 ]
"InternetShield"="C:\Program Files\InternetShield\Internet.exe" []
"PrinTray"="C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe" [01-03-27 02:45 ]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [04-07-15 11:42 ]
"nwiz"="nwiz.exe" [04-07-15 11:42 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [04-07-15 11:42 ]
"HostManager"="C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe" [06-09-25 19:52 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-12-15 03:11 ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [04-08-09 07:03 ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [04-08-09 07:03 ]
"NoTrace"="C:\Program Files\No Trace\NoTrace.exe" []
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-01-15 11:28 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06-11-30 22:49 ]
"AIM"="C:\Program Files\AIM\aim.exe" [04-08-10 10:37 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rpcss RpcSs
wugroup wuauserv
BITSgroup BITS

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
WmdmPmSN

*Newly Created Service* -IPNAT
*Newly Created Service* -RASAUTO


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070517-175006-445
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)

backup-20070517-175006-362
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
Contents of the 'Scheduled Tasks' folder
2007-05-04 02:45:00 C:\WINNT\tasks\Disk Cleanup.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-17 20:21:42
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-17 20:23:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-17 20:23


and here is my new hijack this log ...

Logfile of HijackThis v1.99.1
Scan saved at 8:29:21 PM, on 5/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
C:\WINNT\explorer.exe
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {72488AA0-1C86-4364-ABD9-8CF32194B28a} - C:\WINNT\system32\eyjcoxab.dll (file missing)
O2 - BHO: (no name) - {73CFABD6-C27F-4144-90E9-30D23A075D3f} - C:\WINNT\system32\pjlxujmf.dll (file missing)
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: (no name) - {E744ECAF-CD31-FC3C-A8B4-3AD8E88A3F8C} - C:\Program Files\FYI\wciymfuyqp.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InternetShield] C:\Program Files\InternetShield\Internet.exe -CheckStartup
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Thanks for all your help, look forward to hearing from you, love the name Malware Assasin

Rebecca

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 18 May 2007 - 03:52 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens,copy and paste ALL the following bold blue text in the Quote box below:

Folders to delete:
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\CURLYS~1\APPLIC~1\Viewpoint

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

********************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {72488AA0-1C86-4364-ABD9-8CF32194B28a} - C:\WINNT\system32\eyjcoxab.dll (file missing)
O2 - BHO: (no name) - {73CFABD6-C27F-4144-90E9-30D23A075D3f} - C:\WINNT\system32\pjlxujmf.dll (file missing)
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: (no name) - {E744ECAF-CD31-FC3C-A8B4-3AD8E88A3F8C} - C:\Program Files\FYI\wciymfuyqp.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the Avenger output.txt,the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.

Posted Image
Posted Image

#5 curlysinagain

curlysinagain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 21 May 2007 - 04:06 PM

Okay here are the log files for Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\agjglgvr

*******************

Script file located at: frtxurcc

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!



Here is the AVG Scan from Safe Mode

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:44:06 PM 5/21/2007

+ Scan result:



C:\QooBox\Quarantine\C\WINNT\system32\opnomjh.dll.vir -> Adware.Virtumonde : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@bizjournals.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@networksolutions.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@ehg-bizjournals.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\curlysinagain\Cookies\curlysinagain@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

And finally another Hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 4:58:53 PM, on 5/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1154072056\ee\aolsoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InternetShield] C:\Program Files\InternetShield\Internet.exe -CheckStartup
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Computer started doing much better after even the first set of instructions but I did follow the next instructions exactly and not one pop up so far. I did try browsing a few sights to doble check before making this post.
I so appreciatte your help and beleive it or not this was the first time I have ever used a forum for assistance. Also my first time using Hijackthis and ever doing anything in safe mode. Let me know if there maybe anything else I need to do.

Thanks Again Rebecca

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 21 May 2007 - 04:24 PM

Launch HJThis,click 'Open the Misc Tools Section'.
Click 'Open Uninstall Manager'.
Click on 'Save List',save it to your desktop.
Copy and paste the content of that list into your next reply please.
Posted Image
Posted Image

#7 curlysinagain

curlysinagain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 21 May 2007 - 04:54 PM

Here is the list

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
avast! Antivirus
AVG Anti-Spyware 7.5
CardRd81
CCHelp
CCScore
Cinderella's Dollhouse
CR2
DirectX 8 Hotfix - KB839643
DirectX 8.1 Hotfix - KB839643
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
File, Print FedEx Kinko's
Finding Nemo
Free Tetrix
Half-Life
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for MDAC 2.53 (KB911562)
Instant Wireless USB Adapter
Internet Explorer Q903235
Java 2 Runtime Environment, SE v1.4.2
Jumpstart First Grade v1.4
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech ImageStudio
Macromedia Shockwave Player
Mah Jong Quest
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office 2000 Professional
Microsoft XML Parser and SDK
My DSC
Notifier
NVIDIA Drivers
OTtBP
OTtBPSDK
PCDLNCH
PhoTags Express
PhotoParade Player
QuickTime
RealPlayer Basic
Rugrats Totally Angelica Boredom Buster
Security Update for Windows 2000 (KB904706)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
SFR
SFR2
Sierra Utilities
Spybot - Search & Destroy 1.4
The Sims Makin' Magic
Tranquil - Waterfalls Screen Saver
Update Rollup 1 for Windows 2000 SP4
USB Driver
VCAMCEN
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
VPRINTOL
Webcam Basic
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918439
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB925486
Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip 11.1
Yahoo! Address AutoComplete
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar
ZoneAlarm

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 21 May 2007 - 05:18 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [InternetShield] C:\Program Files\InternetShield\Internet.exe -CheckStartup
Exit Hijackthis.

**************************

Click on Start/Control Panel/Add or Remove Programs and remove/uninstall Viewpoint Media Player.

**************************

Your log is clean :thumbsup:
If all's ok,please do the following:

Find and delete:
Avenger
Combofix

C:\Avenger
C:\QooBox

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image

#9 curlysinagain

curlysinagain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 21 May 2007 - 05:41 PM

Thanks so much, I surely will do. You have been awesome and very much appreciatted.

Rebecca

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 21 May 2007 - 06:05 PM

You're welcome Rebecca :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users