
need help removing zlob, spyquake and





banhtec



Joined: 15 May 2006
Posts: 0

Post subject: need help removing zlob, spyquake and

Hello, I found this site and after reading through it, I hope GTO or others can help me regain my computer back. Here is the log from HijackThis. Thanks in advance. I don't know why but I can't post this log on the log analysis forums. I hit the submit button to submit my thread, but a fatal error comes up?

Logfile of HijackThis v1.99.1
Scan saved at 8:43:02 PM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\cfg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\POEOIQIA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ms049062000-213.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\ms049062000-213.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 6\SMSYSTEMANALYZER.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\WINDOWS\SYSTEM32\XPAGENT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\mcastmib.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\poeoiqi.exe
C:\WINDOWS\cfg32a.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\WINDOWS\SYSTEM32\WDIGEST.EXE
C:\WINDOWS\SYSTEM32\SHDOCLC.EXE
C:\WINDOWS\YSTEM~1\winword.exe
C:\PROGRAM FILES\COMMON FILES\??SEMBLY\W?WEXEC.EXE
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\PECarlin\PECarlin.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - {34BE60A1-A341-8BC8-6621-F96A66DEDEED} - C:\WINDOWS\system32\lubcaec.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {34BE60A1-A341-8BC8-6621-F96A66DEDEED} - C:\WINDOWS\system32\lubcaec.dll
O2 - BHO: (no name) - {452BC66E-CA46-4D9E-ADA7-9F24C0C47189} - C:\Program Files\MSN\hoseduqal.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [PowerMate] C:\Program Files\Griffin Technology\PowerMate\\PowerMate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [defender] c:\\defender19a.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [poeoiqiA] C:\WINDOWS\POEOIQIA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ms049062000-213] C:\WINDOWS\ms049062000-213.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [XPAGENT] C:\WINDOWS\SYSTEM32\XPAGENT.EXE
O4 - HKCU\..\Run: [unimdmat] "C:\WINDOWS\system32\unimdmat.exe"
O4 - HKCU\..\Run: [nscmps] "C:\WINDOWS\system32\nscmps.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\system32\modemui.exe"
O4 - HKCU\..\Run: [dpnlobby] "C:\WINDOWS\system32\dpnlobby.exe"
O4 - HKCU\..\Run: [msorcl32] "C:\WINDOWS\system32\msorcl32.exe"
O4 - HKCU\..\Run: [ovui2rc] "C:\WINDOWS\system32\ovui2rc.exe"
O4 - HKCU\..\Run: [wmvadve] "C:\WINDOWS\system32\wmvadve.exe"
O4 - HKCU\..\Run: [msdtcprx] "C:\WINDOWS\system32\msdtcprx.exe"
O4 - HKCU\..\Run: [kbdsl] "C:\WINDOWS\system32\kbdsl.exe"
O4 - HKCU\..\Run: [mfc42] "C:\WINDOWS\system32\mfc42.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [gdiplus] "C:\WINDOWS\system32\gdiplus.exe"
O4 - HKCU\..\Run: [wmvcore] "C:\WINDOWS\system32\wmvcore.exe"
O4 - HKCU\..\Run: [kbdpo] "C:\WINDOWS\system32\kbdpo.exe"
O4 - HKCU\..\Run: [wmpsrcwp] "C:\WINDOWS\system32\wmpsrcwp.exe"
O4 - HKCU\..\Run: [ntlanman] "C:\WINDOWS\system32\ntlanman.exe"
O4 - HKCU\..\Run: [sqlsrv32] "C:\WINDOWS\system32\sqlsrv32.exe"
O4 - HKCU\..\Run: [dsconv] "C:\WINDOWS\system32\dsconv.exe"
O4 - HKCU\..\Run: [csseqchk] "C:\WINDOWS\system32\csseqchk.exe"
O4 - HKCU\..\Run: [wmdmlog] "C:\WINDOWS\system32\wmdmlog.exe"
O4 - HKCU\..\Run: [mqad] "C:\WINDOWS\system32\mqad.exe"
O4 - HKCU\..\Run: [wiaservc] "C:\WINDOWS\system32\wiaservc.exe"
O4 - HKCU\..\Run: [dpvacm] "C:\WINDOWS\system32\dpvacm.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [d3dramp] "C:\WINDOWS\system32\d3dramp.exe"
O4 - HKCU\..\Run: [dpnaddr] "C:\WINDOWS\system32\dpnaddr.exe"
O4 - HKCU\..\Run: [cryptnet] "C:\WINDOWS\system32\cryptnet.exe"
O4 - HKCU\..\Run: [esent] "C:\WINDOWS\system32\esent.exe"
O4 - HKCU\..\Run: [mshtmler] "C:\WINDOWS\system32\mshtmler.exe"
O4 - HKCU\..\Run: [compatui] "C:\WINDOWS\system32\compatui.exe"
O4 - HKCU\..\Run: [bitsprx2] "C:\WINDOWS\system32\bitsprx2.exe"
O4 - HKCU\..\Run: [spc] "C:\WINDOWS\system32\spc.exe"
O4 - HKCU\..\Run: [comsvcs] "C:\WINDOWS\system32\comsvcs.exe"
O4 - HKCU\..\Run: [nvshell] "C:\WINDOWS\system32\nvshell.exe"
O4 - HKCU\..\Run: [msscp] "C:\WINDOWS\system32\msscp.exe"
O4 - HKCU\..\Run: [usrdpa] "C:\WINDOWS\system32\usrdpa.exe"
O4 - HKCU\..\Run: [mfc40] "C:\WINDOWS\system32\mfc40.exe"
O4 - HKCU\..\Run: [mcastmib] "C:\WINDOWS\system32\mcastmib.exe"
O4 - HKCU\..\Run: [kbdhe319] "C:\WINDOWS\system32\kbdhe319.exe"
O4 - HKCU\..\Run: [kbdycl] "C:\WINDOWS\system32\kbdycl.exe"
O4 - HKCU\..\Run: [rasdlg] "C:\WINDOWS\system32\rasdlg.exe"
O4 - HKCU\..\Run: [sfcfiles] "C:\WINDOWS\system32\sfcfiles.exe"
O4 - HKCU\..\Run: [odexl32] "C:\WINDOWS\system32\odexl32.exe"
O4 - HKCU\..\Run: [rnr20] "C:\WINDOWS\system32\rnr20.exe"
O4 - HKCU\..\Run: [p2p] "C:\WINDOWS\system32\p2p.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [xmlprovi] "C:\WINDOWS\system32\xmlprovi.exe"
O4 - HKCU\..\Run: [msls31] "C:\WINDOWS\system32\msls31.exe"
O4 - HKCU\..\Run: [nvwrseng] "C:\WINDOWS\system32\nvwrseng.exe"
O4 - HKCU\..\Run: [icdysys] "C:\WINDOWS\system32\icdysys.exe"
O4 - HKCU\..\Run: [vb5db] "C:\WINDOWS\system32\vb5db.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [iviresizea6] "C:\WINDOWS\system32\iviresizea6.exe"
O4 - HKCU\..\Run: [nvcpl] "C:\WINDOWS\system32\nvcpl.exe"
O4 - HKCU\..\Run: [confmsp] "C:\WINDOWS\system32\confmsp.exe"
O4 - HKCU\..\Run: [comres] "C:\WINDOWS\system32\comres.exe"
O4 - HKCU\..\Run: [msi] "C:\WINDOWS\system32\msi.exe"
O4 - HKCU\..\Run: [docprop2] "C:\WINDOWS\system32\docprop2.exe"
O4 - HKCU\..\Run: [termmgr] "C:\WINDOWS\system32\termmgr.exe"
O4 - HKCU\..\Run: [asusw32n50] "C:\WINDOWS\system32\asusw32n50.exe"
O4 - HKCU\..\Run: [linkinfo] "C:\WINDOWS\system32\linkinfo.exe"
O4 - HKCU\..\Run: [netevent] "C:\WINDOWS\system32\netevent.exe"
O4 - HKCU\..\Run: [vbar332] "C:\WINDOWS\system32\vbar332.exe"
O4 - HKCU\..\Run: [dpnmodem] "C:\WINDOWS\system32\dpnmodem.exe"
O4 - HKCU\..\Run: [w32time] "C:\WINDOWS\system32\w32time.exe"
O4 - HKCU\..\Run: [msnsspc] "C:\WINDOWS\system32\msnsspc.exe"
O4 - HKCU\..\Run: [netfxperf] "C:\WINDOWS\system32\netfxperf.exe"
O4 - HKCU\..\Run: [cdmodem] "C:\WINDOWS\system32\cdmodem.exe"
O4 - HKCU\..\Run: [jet500] "C:\WINDOWS\system32\jet500.exe"
O4 - HKCU\..\Run: [usp10] "C:\WINDOWS\system32\usp10.exe"
O4 - HKCU\..\Run: [spicc] "C:\WINDOWS\system32\spicc.exe"
O4 - HKCU\..\Run: [mspatcha] "C:\WINDOWS\system32\mspatcha.exe"
O4 - HKCU\..\Run: [cdosys] "C:\WINDOWS\system32\cdosys.exe"
O4 - HKCU\..\Run: [wmspdmod] "C:\WINDOWS\system32\wmspdmod.exe"
O4 - HKCU\..\Run: [mqrtdep] "C:\WINDOWS\system32\mqrtdep.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\SYSTEM32\VMMANAGER.EXE
O4 - HKCU\..\Run: [wdigest] C:\WINDOWS\system32\wdigest.exe
O4 - HKCU\..\Run: [avicap] C:\WINDOWS\system32\avicap.exe
O4 - HKCU\..\Run: [icdshlex] C:\WINDOWS\system32\icdshlex.exe
O4 - HKCU\..\Run: [shdoclc] C:\WINDOWS\system32\shdoclc.exe
O4 - HKCU\..\Run: [Iiru] "C:\WINDOWS\YSTEM~1\winword.exe" -vt yazr
O4 - HKCU\..\Run: [Kpjtit] C:\Program Files\Common Files\??sembly\w?wexec.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://locator.01com.com/cgitunnel/Cyberpower/iServer/rdesktop/iitloader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O18 - Protocol: bw+0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\poeoiqi.exe
Tue May 16, 2006 1:05 am
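The O4 (Run key) section of the log above has a shape an analyst can check mechanically: many HKCU entries whose .exe carries the name of a well-known Windows DLL, executables dropped straight into C:\ or C:\WINDOWS, and a path HijackThis could only render with `?`. The Python triage script below is an added example, not code from this thread or from HijackThis; the DLL-name allowlist, the %WINDIR% allowlist and the reason tags are assumptions constructed for the example, and the sample log is a handful of lines copied from the post plus benign ones.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed allowlist (assumption): module names that ship as DLLs on
# Windows XP and so should never appear as <name>.exe in a Run key.  Taken
# from names in this log; a production list would be far longer.
DLL_NAMES = {
    "mfc42", "mfc40", "gdiplus", "msi", "cryptnet", "comres", "esent", "usp10",
    "sqlsrv32", "w32time", "wdigest", "shdoclc", "comsvcs", "netcfgx", "rasdlg",
}
# Constructed (assumption): executables that legitimately live in %WINDIR% itself.
WINDIR_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "soundman.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

@dataclass
class Entry:
    hive: str
    name: str
    command: str
    path: str
    reasons: list = field(default_factory=list)

def image_path(command: str) -> str:
    """The image a Run value launches: the quoted first token, or the text up
    to the first '.exe' when the path is unquoted (it may contain spaces)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def parse_o4(line: str):
    """Parse one 'O4 - HKxx\\..\\Run:' line; any other HijackThis line -> None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group("hive"), m.group("name"), m.group("cmd"),
                 image_path(m.group("cmd")))

def suspicious_reasons(e: Entry) -> list:
    """Heuristics drawn from this log; each returned tag names one of them."""
    p = re.sub(r"\\+", r"\\", e.path).lower()   # c:\\x.exe -> c:\x.exe
    parts = p.split("\\")
    base = parts[-1]
    stem = base[:-4] if base.endswith(".exe") else base
    reasons = []
    if base.endswith(".exe") and stem in DLL_NAMES:
        reasons.append("dll-name-as-exe")        # mfc42.exe, gdiplus.exe ...
    if any(c == "?" or ord(c) > 126 for c in p):
        reasons.append("unrenderable-path-char")  # '?' is illegal in Windows names
    if len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0]):
        reasons.append("exe-in-drive-root")      # c:\defender19a.exe
    elif len(parts) == 3 and parts[1] == "windows" and base not in WINDIR_OK:
        reasons.append("exe-in-windir-root")     # C:\WINDOWS\cfg32.exe
    return reasons

def triage(log_text: str) -> list:
    """Return the O4 entries that trip at least one heuristic, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_o4(line)
        if e is not None:
            e.reasons = suspicious_reasons(e)
            if e.reasons:
                flagged.append(e)
    return flagged

def summarize(flagged: list) -> Counter:
    """Reason counts; many 'dll-name-as-exe' hits is the mass-dropper shape."""
    return Counter(r for e in flagged for r in e.reasons)

# Constructed sample: lines copied from the log in this thread plus benign
# ones, so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [defender] c:\\defender19a.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mfc42] "C:\WINDOWS\system32\mfc42.exe"
O4 - HKCU\..\Run: [gdiplus] "C:\WINDOWS\system32\gdiplus.exe"
O4 - HKCU\..\Run: [cryptnet] "C:\WINDOWS\system32\cryptnet.exe"
O4 - HKCU\..\Run: [Kpjtit] C:\Program Files\Common Files\??sembly\w?wexec.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e.hive} [{e.name}] {e.path} -> {', '.join(e.reasons)}")
    print(dict(summarize(hits)))
```

Entries that trip no heuristic (ehTray, the bare SOUNDMAN.EXE, the rundll32 launcher, ctfmon) are left alone, so the output is the shortlist a log reader would start from rather than a verdict.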
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, banhtec. Welcome to the 2-Spyware.com forums!

I will move your log to the HijackThis log analysis section.
Tue May 16, 2006 6:52 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, banhtec.

Your system is badly infected. I suggest switching to alternative antivirus software such as Eset NOD32 or Kaspersky Anti-Virus. Also install an advanced firewall like Zone Labs ZoneAlarm. Your current protection is useless. Just take a look at the number of malicious files you have.

Please follow these steps:

1. Download Pocket KillBox or KillBox utility.

2. Launch the Start>Run... tool. Type in msconfig and press enter. This will launch the System Configuration Utility. Open the Services tab. In the list of system processes find the Windows Overlay Components entry. Uncheck it, press Apply and then click on the OK button.

3. Use HijackThis to fix the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {34BE60A1-A341-8BC8-6621-F96A66DEDEED} - C:\WINDOWS\system32\lubcaec.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {34BE60A1-A341-8BC8-6621-F96A66DEDEED} - C:\WINDOWS\system32\lubcaec.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O4 - HKLM\..\Run: [defender] c:\\defender19a.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [poeoiqiA] C:\WINDOWS\POEOIQIA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ms049062000-213] C:\WINDOWS\ms049062000-213.exe
O4 - HKCU\..\Run: [XPAGENT] C:\WINDOWS\SYSTEM32\XPAGENT.EXE
O4 - HKCU\..\Run: [unimdmat] "C:\WINDOWS\system32\unimdmat.exe"
O4 - HKCU\..\Run: [nscmps] "C:\WINDOWS\system32\nscmps.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\system32\modemui.exe"
O4 - HKCU\..\Run: [dpnlobby] "C:\WINDOWS\system32\dpnlobby.exe"
O4 - HKCU\..\Run: [msorcl32] "C:\WINDOWS\system32\msorcl32.exe"
O4 - HKCU\..\Run: [ovui2rc] "C:\WINDOWS\system32\ovui2rc.exe"
O4 - HKCU\..\Run: [wmvadve] "C:\WINDOWS\system32\wmvadve.exe"
O4 - HKCU\..\Run: [msdtcprx] "C:\WINDOWS\system32\msdtcprx.exe"
O4 - HKCU\..\Run: [kbdsl] "C:\WINDOWS\system32\kbdsl.exe"
O4 - HKCU\..\Run: [mfc42] "C:\WINDOWS\system32\mfc42.exe"
O4 - HKCU\..\Run: [gdiplus] "C:\WINDOWS\system32\gdiplus.exe"
O4 - HKCU\..\Run: [wmvcore] "C:\WINDOWS\system32\wmvcore.exe"
O4 - HKCU\..\Run: [kbdpo] "C:\WINDOWS\system32\kbdpo.exe"
O4 - HKCU\..\Run: [wmpsrcwp] "C:\WINDOWS\system32\wmpsrcwp.exe"
O4 - HKCU\..\Run: [ntlanman] "C:\WINDOWS\system32\ntlanman.exe"
O4 - HKCU\..\Run: [sqlsrv32] "C:\WINDOWS\system32\sqlsrv32.exe"
O4 - HKCU\..\Run: [dsconv] "C:\WINDOWS\system32\dsconv.exe"
O4 - HKCU\..\Run: [csseqchk] "C:\WINDOWS\system32\csseqchk.exe"
O4 - HKCU\..\Run: [wmdmlog] "C:\WINDOWS\system32\wmdmlog.exe"
O4 - HKCU\..\Run: [mqad] "C:\WINDOWS\system32\mqad.exe"
O4 - HKCU\..\Run: [wiaservc] "C:\WINDOWS\system32\wiaservc.exe"
O4 - HKCU\..\Run: [dpvacm] "C:\WINDOWS\system32\dpvacm.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [d3dramp] "C:\WINDOWS\system32\d3dramp.exe"
O4 - HKCU\..\Run: [dpnaddr] "C:\WINDOWS\system32\dpnaddr.exe"
O4 - HKCU\..\Run: [cryptnet] "C:\WINDOWS\system32\cryptnet.exe"
O4 - HKCU\..\Run: [esent] "C:\WINDOWS\system32\esent.exe"
O4 - HKCU\..\Run: [mshtmler] "C:\WINDOWS\system32\mshtmler.exe"
O4 - HKCU\..\Run: [compatui] "C:\WINDOWS\system32\compatui.exe"
O4 - HKCU\..\Run: [bitsprx2] "C:\WINDOWS\system32\bitsprx2.exe"
O4 - HKCU\..\Run: [spc] "C:\WINDOWS\system32\spc.exe"
O4 - HKCU\..\Run: [comsvcs] "C:\WINDOWS\system32\comsvcs.exe"
O4 - HKCU\..\Run: [nvshell] "C:\WINDOWS\system32\nvshell.exe"
O4 - HKCU\..\Run: [msscp] "C:\WINDOWS\system32\msscp.exe"
O4 - HKCU\..\Run: [usrdpa] "C:\WINDOWS\system32\usrdpa.exe"
O4 - HKCU\..\Run: [mfc40] "C:\WINDOWS\system32\mfc40.exe"
O4 - HKCU\..\Run: [mcastmib] "C:\WINDOWS\system32\mcastmib.exe"
O4 - HKCU\..\Run: [kbdhe319] "C:\WINDOWS\system32\kbdhe319.exe"
O4 - HKCU\..\Run: [kbdycl] "C:\WINDOWS\system32\kbdycl.exe"
O4 - HKCU\..\Run: [rasdlg] "C:\WINDOWS\system32\rasdlg.exe"
O4 - HKCU\..\Run: [sfcfiles] "C:\WINDOWS\system32\sfcfiles.exe"
O4 - HKCU\..\Run: [odexl32] "C:\WINDOWS\system32\odexl32.exe"
O4 - HKCU\..\Run: [rnr20] "C:\WINDOWS\system32\rnr20.exe"
O4 - HKCU\..\Run: [p2p] "C:\WINDOWS\system32\p2p.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [xmlprovi] "C:\WINDOWS\system32\xmlprovi.exe"
O4 - HKCU\..\Run: [msls31] "C:\WINDOWS\system32\msls31.exe"
O4 - HKCU\..\Run: [nvwrseng] "C:\WINDOWS\system32\nvwrseng.exe"
O4 - HKCU\..\Run: [icdysys] "C:\WINDOWS\system32\icdysys.exe"
O4 - HKCU\..\Run: [vb5db] "C:\WINDOWS\system32\vb5db.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [iviresizea6] "C:\WINDOWS\system32\iviresizea6.exe"
O4 - HKCU\..\Run: [nvcpl] "C:\WINDOWS\system32\nvcpl.exe"
O4 - HKCU\..\Run: [confmsp] "C:\WINDOWS\system32\confmsp.exe"
O4 - HKCU\..\Run: [comres] "C:\WINDOWS\system32\comres.exe"
O4 - HKCU\..\Run: [msi] "C:\WINDOWS\system32\msi.exe"
O4 - HKCU\..\Run: [docprop2] "C:\WINDOWS\system32\docprop2.exe"
O4 - HKCU\..\Run: [termmgr] "C:\WINDOWS\system32\termmgr.exe"
O4 - HKCU\..\Run: [asusw32n50] "C:\WINDOWS\system32\asusw32n50.exe"
O4 - HKCU\..\Run: [linkinfo] "C:\WINDOWS\system32\linkinfo.exe"
O4 - HKCU\..\Run: [netevent] "C:\WINDOWS\system32\netevent.exe"
O4 - HKCU\..\Run: [vbar332] "C:\WINDOWS\system32\vbar332.exe"
O4 - HKCU\..\Run: [dpnmodem] "C:\WINDOWS\system32\dpnmodem.exe"
O4 - HKCU\..\Run: [w32time] "C:\WINDOWS\system32\w32time.exe"
O4 - HKCU\..\Run: [msnsspc] "C:\WINDOWS\system32\msnsspc.exe"
O4 - HKCU\..\Run: [netfxperf] "C:\WINDOWS\system32\netfxperf.exe"
O4 - HKCU\..\Run: [cdmodem] "C:\WINDOWS\system32\cdmodem.exe"
O4 - HKCU\..\Run: [jet500] "C:\WINDOWS\system32\jet500.exe"
O4 - HKCU\..\Run: [usp10] "C:\WINDOWS\system32\usp10.exe"
O4 - HKCU\..\Run: [spicc] "C:\WINDOWS\system32\spicc.exe"
O4 - HKCU\..\Run: [mspatcha] "C:\WINDOWS\system32\mspatcha.exe"
O4 - HKCU\..\Run: [cdosys] "C:\WINDOWS\system32\cdosys.exe"
O4 - HKCU\..\Run: [wmspdmod] "C:\WINDOWS\system32\wmspdmod.exe"
O4 - HKCU\..\Run: [mqrtdep] "C:\WINDOWS\system32\mqrtdep.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\SYSTEM32\
O4 - HKCU\..\Run: [wdigest] C:\WINDOWS\system32\wdigest.exe
O4 - HKCU\..\Run: [avicap] C:\WINDOWS\system32\avicap.exe
O4 - HKCU\..\Run: [icdshlex] C:\WINDOWS\system32\icdshlex.exe
O4 - HKCU\..\Run: [shdoclc] C:\WINDOWS\system32\shdoclc.exe
O4 - HKCU\..\Run: [Iiru] "C:\WINDOWS\YSTEM~1\winword.exe" -vt yazr
O4 - HKCU\..\Run: [Kpjtit] C:\Program Files\Common Files\??sembly\w?wexec.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\poeoiqi.exe


4. Now restart your system in Safe Mode. This step is very important!

5. Once in Safe Mode, use either Pocket KillBox or KillBox to delete the following files:
C:\WINDOWS\cfg32.exe
C:\WINDOWS\POEOIQIA.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\ms049062000-213.exe
C:\WINDOWS\SYSTEM32\XPAGENT.EXE
C:\WINDOWS\system32\mcastmib.exe
C:\WINDOWS\poeoiqi.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\SYSTEM32\WDIGEST.EXE
C:\WINDOWS\SYSTEM32\SHDOCLC.EXE
C:\WINDOWS\YSTEM~1\winword.exe
C:\PROGRAM FILES\COMMON FILES\??SEMBLY\W?WEXEC.EXE
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\PECarlin\PECarlin.exe
C:\WINDOWS\system32\lubcaec.dll
C:\WINDOWS\cfg32p.dll
C:\WINDOWS\cfg32o.dll
c:\defender19a.exe
C:\WINDOWS\system32\unimdmat.exe
C:\WINDOWS\system32\nscmps.exe
C:\WINDOWS\system32\modemui.ex
C:\WINDOWS\system32\dpnlobby.exe
C:\WINDOWS\system32\msorcl32.exe
C:\WINDOWS\system32\ovui2rc.exe
C:\WINDOWS\system32\wmvadve.exe
C:\WINDOWS\system32\msdtcprx.exe
C:\WINDOWS\system32\kbdsl.exe
C:\WINDOWS\system32\mfc42.exe
C:\WINDOWS\system32\gdiplus.exe
C:\WINDOWS\system32\wmvcore.exe
C:\WINDOWS\system32\kbdpo.exe
C:\WINDOWS\system32\wmpsrcwp.exe
C:\WINDOWS\system32\ntlanman.exe
C:\WINDOWS\system32\sqlsrv32.exe
C:\WINDOWS\system32\dsconv.exe
C:\WINDOWS\system32\csseqchk.exe
C:\WINDOWS\system32\wmdmlog.exe
C:\WINDOWS\system32\mqad.exe
C:\WINDOWS\system32\wiaservc.exe
C:\WINDOWS\system32\dpvacm.exe
C:\WINDOWS\system32\wmiprop.exe
C:\WINDOWS\system32\d3dramp.exe
C:\WINDOWS\system32\dpnaddr.exe
C:\WINDOWS\system32\cryptnet.exe
C:\WINDOWS\system32\esent.exe
C:\WINDOWS\system32\mshtmler.exe
C:\WINDOWS\system32\compatui.exe
C:\WINDOWS\system32\bitsprx2.exe
C:\WINDOWS\system32\spc.exe
C:\WINDOWS\system32\comsvcs.exe
C:\WINDOWS\system32\nvshell.exe
C:\WINDOWS\system32\msscp.exe
C:\WINDOWS\system32\usrdpa.exe
C:\WINDOWS\system32\mfc40.exe
C:\WINDOWS\system32\mcastmib.exe
C:\WINDOWS\system32\kbdhe319.exe
C:\WINDOWS\system32\kbdycl.exe
C:\WINDOWS\system32\rasdlg.exe
C:\WINDOWS\system32\sfcfiles.exe
C:\WINDOWS\system32\odexl32.exe
C:\WINDOWS\system32\rnr20.exe
C:\WINDOWS\system32\p2p.exe
C:\WINDOWS\system32\uniplat.exe
C:\WINDOWS\system32\xmlprovi.exe
C:\WINDOWS\system32\msls31.exe
C:\WINDOWS\system32\nvwrseng.exe
C:\WINDOWS\system32\icdysys.exe
C:\WINDOWS\system32\vb5db.exe
C:\WINDOWS\system32\netcfgx.exe
C:\WINDOWS\system32\iviresizea6.exe
C:\WINDOWS\system32\nvcpl.exe
C:\WINDOWS\system32\confmsp.exe
C:\WINDOWS\system32\comres.exe
C:\WINDOWS\system32\msi.exe
C:\WINDOWS\system32\docprop2.exe
C:\WINDOWS\system32\termmgr.exe
C:\WINDOWS\system32\asusw32n50.exe
C:\WINDOWS\system32\linkinfo.exe
C:\WINDOWS\system32\netevent.exe
C:\WINDOWS\system32\vbar332.exe
C:\WINDOWS\system32\dpnmodem.exe
C:\WINDOWS\system32\w32time.exe
C:\WINDOWS\system32\msnsspc.exe
C:\WINDOWS\system32\netfxperf.exe
C:\WINDOWS\system32\cdmodem.exe
C:\WINDOWS\system32\jet500.exe
C:\WINDOWS\system32\usp10.exe
C:\WINDOWS\system32\spicc.exe
C:\WINDOWS\system32\mspatcha.exe
C:\WINDOWS\system32\cdosys.exe
C:\WINDOWS\system32\wmspdmod.exe
C:\WINDOWS\system32\mqrtdep.exe
C:\WINDOWS\system32\wdigest.exe
C:\WINDOWS\system32\avicap.exe
C:\WINDOWS\system32\icdshlex.exe
C:\WINDOWS\system32\shdoclc.exe


Also delete the following directories:
C:\WINDOWS\YSTEM~1
C:\PROGRAM FILES\COMMON FILES\??SEMBLY
C:\Program Files\EQAdvice
C:\Program Files\PECarlin


6. Restart your computer. Download the trial version of ewido anti-malware. Install the program, update its definitions database and run a complete system scan. Remove all the parasites the program will find.

7. After you get done, run a new HijackThis scan and post a fresh log here.
Tue May 16, 2006 7:17 am
GTO
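The deletion list above targets a pattern worth recognising in any HijackThis log: dozens of HKCU Run entries whose value names and .exe targets borrow the names of Windows DLLs (mfc42, gdiplus, cryptnet and so on), plus a few with a directory-only target, an Office binary name outside Program Files, or a path whose non-ASCII characters HijackThis prints as "?". As an added example that is not part of the original thread or of the HijackThis tool, this Python script parses O4 lines and flags those patterns. The DLL-name list, the Office-name list and the sample lines are constructed for the example (the sample lines follow the format of the logs in this thread).

```python
import re

# HijackThis "O4" autorun lines look like:
#   O4 - HKCU\..\Run: [value name] "C:\path\to\target.exe" args
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

# Constructed, deliberately short list of Windows components that ship only
# as a .dll; an .exe carrying one of these names is a masquerade.  Extend it
# from an inventory of a clean machine of the same Windows build.
KNOWN_DLL_STEMS = {
    "mfc40", "mfc42", "gdiplus", "wmvcore", "cryptnet", "esent", "w32time",
    "msi", "usp10", "comsvcs", "netcfgx", "wdigest", "shdoclc", "sqlsrv32",
    "msls31", "rasdlg", "linkinfo", "netevent", "mspatcha", "cdosys", "jet500",
    "mshtmler", "compatui", "comres", "docprop2", "termmgr", "sfcfiles",
}
# Office binaries that legitimately live under Program Files only (constructed list).
OFFICE_STEMS = {"winword", "excel", "powerpnt", "outlook"}


def split_command(cmd):
    """Return (target path, arguments). HijackThis quotes some targets and
    leaves others bare, so both forms are handled."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(?i)(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s+(.*))?$', cmd)
    if m:
        return m.group(1), (m.group(2) or "")
    return cmd, ""  # no recognisable executable extension (e.g. a bare directory)


def parse_o4(line):
    """Parse one O4 Run line into a dict, or return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path, args = split_command(m.group("cmd"))
    return {"hive": m.group("hive"), "name": m.group("name"),
            "path": path, "args": args}


def assess(entry):
    """Return the list of reasons an autorun entry looks suspicious (empty if none)."""
    path = entry["path"]
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        stem, ext = base, ""
    stem, ext = stem.lower(), ext.lower()
    reasons = []
    if base == "":
        reasons.append("target is a directory, nothing to run")
    if ext == "exe" and stem in KNOWN_DLL_STEMS:
        reasons.append("executable named after a Windows DLL (masquerade)")
    if stem in OFFICE_STEMS and "program files" not in path.lower():
        reasons.append("Office binary name outside Program Files")
    if "?" in path:
        reasons.append("non-ASCII characters in path (HijackThis shows them as '?')")
    return reasons


def scan(lines):
    """Return [(value name, target path, reasons)] for every flagged O4 entry."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged


# Constructed sample input in the HijackThis log format used in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r'O4 - HKCU\..\Run: [mfc42] "C:\WINDOWS\system32\mfc42.exe"',
    r'O4 - HKCU\..\Run: [gdiplus] "C:\WINDOWS\system32\gdiplus.exe"',
    "O4 - HKCU\\..\\Run: [vmmanager] C:\\WINDOWS\\SYSTEM32\\",
    r'O4 - HKCU\..\Run: [Iiru] "C:\WINDOWS\YSTEM~1\winword.exe" -vt yazr',
    r"O4 - HKCU\..\Run: [Kpjtit] C:\Program Files\Common Files\??sembly\w?wexec.exe",
    r"O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\poeoiqi.exe",
]

if __name__ == "__main__":
    for name, path, reasons in scan(SAMPLE_LINES):
        print(f"[{name}] {path}\n    " + "\n    ".join(reasons))
```

Run against a saved log (`scan(open("hijackthis.log").readlines())`) it prints only the flagged entries with the reason for each; the benign NvCplDaemon, ctfmon and MSMSGS lines produce nothing. The heuristics are intentionally cheap string checks so they can be verified by eye against the log before anything is deleted.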
 
banhtec



Joined: 15 May 2006
Posts: 0

Post subject:

Here is my latest log after deleting the files above using Killbox and the free anti-malware. I noticed that my TrendMicro is still warning me about zlob.trojan and some other awd.


Logfile of HijackThis v1.99.1
Scan saved at 12:09:36 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 6\SMSYSTEMANALYZER.EXE
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {452BC66E-CA46-4D9E-ADA7-9F24C0C47189} - C:\Program Files\MSN\hoseduqal.dll
O2 - BHO: (no name) - {4BF74EAC-CA89-1E2A-E84F-03D229507485} - C:\WINDOWS\Xpuglnkw.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [PowerMate] C:\Program Files\Griffin Technology\PowerMate\\PowerMate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://locator.01com.com/cgitunnel/Cyberpower/iServer/rdesktop/iitloader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O18 - Protocol: bw+0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\poeoiqi.exe (file missing)
Tue May 16, 2006 4:14 pm
banhtec
 
1972vet



Joined: 09 Mar 2006
Posts: 47

Post subject:

Click start-->control panel-->add/remove programs. Scroll down the list and locate the Logitech Desktop Messenger. Click "Remove".
Reboot when the uninstallation completes.

Please download Look2Me-Destroyer.exe to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, which is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Then click the Remove L2M button and wait for it to give you a message; when you click OK on it, it should shut itself down.

Download KILLBOX, extract it to your desktop.

Open killbox.exe.

First
Click on Tools>Delete Temp Files
A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then, click the Button titled "Delete Selected Temp Files".
Exit by clicking the Button titled "Exit(Save Settings)"

Once back into the main killbox program, check the following boxes:

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.
Quote:
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\WINDOWS\bxxs5.dll
C:\Program Files\MSN\hoseduqal.dll
C:\WINDOWS\Xpuglnkw.dll
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\cfg32o.dll
C:\WINDOWS\cfg32s.dll
C:\WINDOWS\bxxs5.dll
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\WINDOWS\poeoiqi.exe

Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.

Click the "All Files" button.

Then click the Red X. For the confirmation message that appears, you will need to click Yes.

A second message will ask "Reboot now?"; you will need to click No for now.

Note: Killbox will let you know if a file does not exist.

If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X, and for the confirmation message that appears, click Yes. A second message will ask "Reboot now?"; click No until you've completed the instructions below.

Now, please run HijackThis again. Put a check in the box next to these entries that may still exist:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {452BC66E-CA46-4D9E-ADA7-9F24C0C47189} - C:\Program Files\MSN\hoseduqal.dll
O2 - BHO: (no name) - {4BF74EAC-CA89-1E2A-E84F-03D229507485} - C:\WINDOWS\Xpuglnkw.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe


Put a check in the box next to every one of the O18 entries appearing in this HJT log

O20 - AppInit_DLLs: repairs303169587.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\poeoiqi.exe (file missing)


Close all windows except for the HijackThis application. Now click Fix Checked.

Reboot and post back a new HijackThis log and advise how the computer is now behaving. Have you noticed any improvement?

Good Luck,
Disabled Vet
Tue May 16, 2006 8:14 pm
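Reading a HijackThis log by eye, as 1972vet does in the post above, comes down to a few recurring checks: entries whose file is already gone ("(file missing)"), anything in AppInit_DLLs, a service with "Unknown owner", binaries dropped straight into the Windows directory rather than a program folder, and paths that match the files already named for removal. The script below is an added example for this thread, not something posted by either participant and not part of HijackThis itself; it parses lines in the log format shown here and applies exactly those heuristics. The sample lines are copied from the logs in this thread, REMOVAL_LIST is the Killbox list from the post above, and all function names are constructed for the example. Its output is a review list for a human, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis logs in this thread,
# mixing entries 1972vet marked for removal with entries that are legitimate.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\\Program Files\\SurfSideKick 3\\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\\WINDOWS\\bxxs5.dll
O2 - BHO: (no name) - {4BF74EAC-CA89-1E2A-E84F-03D229507485} - C:\\WINDOWS\\Xpuglnkw.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O4 - HKLM\\..\\Run: [bxxs5] RunDLL32.EXE C:\\WINDOWS\\bxxs5.dll,DllRun
O4 - HKLM\\..\\Run: [Configuration Manager] C:\\WINDOWS\\cfg32.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - AppInit_DLLs: repairs303169587.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\\WINDOWS\\poeoiqi.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# The files 1972vet told the poster to delete with Killbox (from the post above).
REMOVAL_LIST = {
    r"c:\program files\surfsidekick 3\sskbho.dll",
    r"c:\windows\bxxs5.dll",
    r"c:\program files\msn\hoseduqal.dll",
    r"c:\windows\xpuglnkw.dll",
    r"c:\windows\cfg32r.dll",
    r"c:\windows\cfg32o.dll",
    r"c:\windows\cfg32s.dll",
    r"c:\program files\surfsidekick 3\ssk.exe",
    r"c:\windows\poeoiqi.exe",
}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension; non-greedy so a path
# containing spaces ("Program Files") is captured up to its extension.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\",;]*?\.(?:exe|dll|ocx|sys))", re.IGNORECASE)
# A file directly under C:\WINDOWS\ (no further subdirectory).
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section code, body and the binary path it names."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    body = m.group("body")
    p = PATH_RE.search(body)
    return Entry(m.group("section"), body, p.group(1) if p else None)


def triage(entry: Entry) -> Entry:
    """Attach review reasons; these are analyst heuristics, not a malware verdict."""
    if "(file missing)" in entry.body:
        entry.reasons.append("file missing: orphaned registry entry")
    if entry.section == "O20" and entry.body.startswith("AppInit_DLLs:") \
            and entry.body.split(":", 1)[1].strip():
        entry.reasons.append("AppInit_DLLs value loads into every GUI process")
    if entry.section == "O23" and "Unknown owner" in entry.body:
        entry.reasons.append("service with no publisher")
    if entry.path:
        lowered = entry.path.lower()
        if lowered in REMOVAL_LIST:
            entry.reasons.append("on helper's removal list")
        if WINDOWS_ROOT_RE.match(lowered):
            entry.reasons.append("binary directly in Windows root")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and triage every HijackThis entry line in the log text."""
    entries = [parse_line(line) for line in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


def flagged_paths(text: str) -> List[str]:
    """Paths (or bodies, when no path is present) of the entries needing review."""
    return [e.path or e.body for e in triage_log(text) if e.suspicious]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        mark = "!!" if e.suspicious else "  "
        print(f"{mark} {e.section:<4}{e.path or e.body}")
        for r in e.reasons:
            print(f"        - {r}")
```

Run on the sample, seven of the ten entries are flagged and the Yahoo toolbar, ctfmon.exe and the NVIDIA service pass clean, which matches what 1972vet selected by hand. The "binary in Windows root" rule is the weakest of the five (some legitimate vendors still install there), so its hits are worth confirming against the publisher before fixing.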
 
banhtec



Joined: 15 May 2006
Posts: 0


OK, I am making progress, but the Zlob and another adware are still there. Here are screenshots of the Trend Micro warning and a screenshot of the SpyHunter scan. At the bottom is my latest HijackThis log.

But first, there was an error that occurred when I tried to use HijackThis on a particular file:

Here are screenshots of the 2 others still present in my system:

The 2 viruses above were present after following your instructions twice. Thanks again for helping me with this maddening situation.

Logfile of HijackThis v1.99.1
Scan saved at 9:10:58 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 6\SMSYSTEMANALYZER.EXE
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [PowerMate] C:\Program Files\Griffin Technology\PowerMate\\PowerMate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://locator.01com.com/cgitunnel/Cyberpower/iServer/rdesktop/iitloader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Wed May 17, 2006 1:24 am
 
banhtec



Joined: 15 May 2006
Posts: 0


Update
I am currently running a full system scan using a free version of ewido anti-malware, and my Trend Micro has warned of these during the process:
ADW FCHELP.A
TROJ ZLOB.GEN
ADW SURFKICK.U
ADW DYFUCA.B
SPYW WEBHANCER.I
ADW FCHELP.A
ADW FCHELP.A
ADW FCHELP.A
ADW FCHELP.A
ADW LOOK2ME.Y

BTW, I tried lots of times, but HijackThis cannot delete: O20 - AppInit_DLLs: repairs303169587.dll
Wed May 17, 2006 2:03 am
 
1972vet



Joined: 09 Mar 2006
Posts: 47


Please download the 2-week trial version of WebRoot SpySweeper from HERE.
Alternate download site.
Alternate download site.
Alternate download site.

  • Click on Free Spy Scan.
  • On the next page, click on Start Scan Now
  • Save the Setup file to your Desktop>click OK.
  • Double-click on the file that you saved. (If you receive alerts from your firewall, allow all activities for Spy Sweeper)
  • You will be prompted to check for updated definitions, please do so.
  • Click on "Options" > "Sweep Options" and check "Sweep all Folders on Selected drives".
  • Check "Local Disc C" and under "What to Sweep", check every box.
  • Click on "Sweep" and allow it to fully scan your system.
  • When the sweep has finished, click "Remove" to remove any items found.
  • Exit SpySweeper and reboot your computer.

NOTE: After SpySweeper has finished and removed any items found, it is important that you exit and reboot your computer right away to ensure the infection is fully removed.
Wed May 17, 2006 3:25 am
 
banhtec



Joined: 15 May 2006
Posts: 0


OK, I think I am home free!

I tried everything recommended above 2 times, 3 times, even 4 times, and I think my computer is now back in my control.

I want to take this chance and thank 72vet and GTO for providing this free service. I am very glad to find this website.
Wed May 17, 2006 3:05 pm
 
1972vet



Joined: 09 Mar 2006
Posts: 47


You are most welcome indeed. Just glad we could help.

Regards, and happy surfing!
Wed May 17, 2006 3:20 pm