zlob, spy quake and other....

| Author |
Message |
banhtec
Joined: 15 May 2006 Posts: 0
|
Post subject: zlob, spy quake and other.... |
|
|
Logfile of HijackThis v1.99.1
Scan saved at 8:43:02 PM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\cfg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\POEOIQIA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ms049062000-213.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\ms049062000-213.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 6\SMSYSTEMANALYZER.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\WINDOWS\SYSTEM32\XPAGENT.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\mcastmib.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\poeoiqi.exe
C:\WINDOWS\cfg32a.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\WINDOWS\SYSTEM32\WDIGEST.EXE
C:\WINDOWS\SYSTEM32\SHDOCLC.EXE
C:\WINDOWS\YSTEM~1\winword.exe
C:\PROGRAM FILES\COMMON FILES\??SEMBLY\W?WEXEC.EXE
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\PECarlin\PECarlin.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - {34BE60A1-A341-8BC8-6621-F96A66DEDEED} - C:\WINDOWS\system32\lubcaec.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {34BE60A1-A341-8BC8-6621-F96A66DEDEED} - C:\WINDOWS\system32\lubcaec.dll
O2 - BHO: (no name) - {452BC66E-CA46-4D9E-ADA7-9F24C0C47189} - C:\Program Files\MSN\hoseduqal.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [PowerMate] C:\Program Files\Griffin Technology\PowerMate\\PowerMate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [defender] c:\\defender19a.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [poeoiqiA] C:\WINDOWS\POEOIQIA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ms049062000-213] C:\WINDOWS\ms049062000-213.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [XPAGENT] C:\WINDOWS\SYSTEM32\XPAGENT.EXE
O4 - HKCU\..\Run: [unimdmat] "C:\WINDOWS\system32\unimdmat.exe"
O4 - HKCU\..\Run: [nscmps] "C:\WINDOWS\system32\nscmps.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\system32\modemui.exe"
O4 - HKCU\..\Run: [dpnlobby] "C:\WINDOWS\system32\dpnlobby.exe"
O4 - HKCU\..\Run: [msorcl32] "C:\WINDOWS\system32\msorcl32.exe"
O4 - HKCU\..\Run: [ovui2rc] "C:\WINDOWS\system32\ovui2rc.exe"
O4 - HKCU\..\Run: [wmvadve] "C:\WINDOWS\system32\wmvadve.exe"
O4 - HKCU\..\Run: [msdtcprx] "C:\WINDOWS\system32\msdtcprx.exe"
O4 - HKCU\..\Run: [kbdsl] "C:\WINDOWS\system32\kbdsl.exe"
O4 - HKCU\..\Run: [mfc42] "C:\WINDOWS\system32\mfc42.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [gdiplus] "C:\WINDOWS\system32\gdiplus.exe"
O4 - HKCU\..\Run: [wmvcore] "C:\WINDOWS\system32\wmvcore.exe"
O4 - HKCU\..\Run: [kbdpo] "C:\WINDOWS\system32\kbdpo.exe"
O4 - HKCU\..\Run: [wmpsrcwp] "C:\WINDOWS\system32\wmpsrcwp.exe"
O4 - HKCU\..\Run: [ntlanman] "C:\WINDOWS\system32\ntlanman.exe"
O4 - HKCU\..\Run: [sqlsrv32] "C:\WINDOWS\system32\sqlsrv32.exe"
O4 - HKCU\..\Run: [dsconv] "C:\WINDOWS\system32\dsconv.exe"
O4 - HKCU\..\Run: [csseqchk] "C:\WINDOWS\system32\csseqchk.exe"
O4 - HKCU\..\Run: [wmdmlog] "C:\WINDOWS\system32\wmdmlog.exe"
O4 - HKCU\..\Run: [mqad] "C:\WINDOWS\system32\mqad.exe"
O4 - HKCU\..\Run: [wiaservc] "C:\WINDOWS\system32\wiaservc.exe"
O4 - HKCU\..\Run: [dpvacm] "C:\WINDOWS\system32\dpvacm.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [d3dramp] "C:\WINDOWS\system32\d3dramp.exe"
O4 - HKCU\..\Run: [dpnaddr] "C:\WINDOWS\system32\dpnaddr.exe"
O4 - HKCU\..\Run: [cryptnet] "C:\WINDOWS\system32\cryptnet.exe"
O4 - HKCU\..\Run: [esent] "C:\WINDOWS\system32\esent.exe"
O4 - HKCU\..\Run: [mshtmler] "C:\WINDOWS\system32\mshtmler.exe"
O4 - HKCU\..\Run: [compatui] "C:\WINDOWS\system32\compatui.exe"
O4 - HKCU\..\Run: [bitsprx2] "C:\WINDOWS\system32\bitsprx2.exe"
O4 - HKCU\..\Run: [spc] "C:\WINDOWS\system32\spc.exe"
O4 - HKCU\..\Run: [comsvcs] "C:\WINDOWS\system32\comsvcs.exe"
O4 - HKCU\..\Run: [nvshell] "C:\WINDOWS\system32\nvshell.exe"
O4 - HKCU\..\Run: [msscp] "C:\WINDOWS\system32\msscp.exe"
O4 - HKCU\..\Run: [usrdpa] "C:\WINDOWS\system32\usrdpa.exe"
O4 - HKCU\..\Run: [mfc40] "C:\WINDOWS\system32\mfc40.exe"
O4 - HKCU\..\Run: [mcastmib] "C:\WINDOWS\system32\mcastmib.exe"
O4 - HKCU\..\Run: [kbdhe319] "C:\WINDOWS\system32\kbdhe319.exe"
O4 - HKCU\..\Run: [kbdycl] "C:\WINDOWS\system32\kbdycl.exe"
O4 - HKCU\..\Run: [rasdlg] "C:\WINDOWS\system32\rasdlg.exe"
O4 - HKCU\..\Run: [sfcfiles] "C:\WINDOWS\system32\sfcfiles.exe"
O4 - HKCU\..\Run: [odexl32] "C:\WINDOWS\system32\odexl32.exe"
O4 - HKCU\..\Run: [rnr20] "C:\WINDOWS\system32\rnr20.exe"
O4 - HKCU\..\Run: [p2p] "C:\WINDOWS\system32\p2p.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [xmlprovi] "C:\WINDOWS\system32\xmlprovi.exe"
O4 - HKCU\..\Run: [msls31] "C:\WINDOWS\system32\msls31.exe"
O4 - HKCU\..\Run: [nvwrseng] "C:\WINDOWS\system32\nvwrseng.exe"
O4 - HKCU\..\Run: [icdysys] "C:\WINDOWS\system32\icdysys.exe"
O4 - HKCU\..\Run: [vb5db] "C:\WINDOWS\system32\vb5db.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [iviresizea6] "C:\WINDOWS\system32\iviresizea6.exe"
O4 - HKCU\..\Run: [nvcpl] "C:\WINDOWS\system32\nvcpl.exe"
O4 - HKCU\..\Run: [confmsp] "C:\WINDOWS\system32\confmsp.exe"
O4 - HKCU\..\Run: [comres] "C:\WINDOWS\system32\comres.exe"
O4 - HKCU\..\Run: [msi] "C:\WINDOWS\system32\msi.exe"
O4 - HKCU\..\Run: [docprop2] "C:\WINDOWS\system32\docprop2.exe"
O4 - HKCU\..\Run: [termmgr] "C:\WINDOWS\system32\termmgr.exe"
O4 - HKCU\..\Run: [asusw32n50] "C:\WINDOWS\system32\asusw32n50.exe"
O4 - HKCU\..\Run: [linkinfo] "C:\WINDOWS\system32\linkinfo.exe"
O4 - HKCU\..\Run: [netevent] "C:\WINDOWS\system32\netevent.exe"
O4 - HKCU\..\Run: [vbar332] "C:\WINDOWS\system32\vbar332.exe"
O4 - HKCU\..\Run: [dpnmodem] "C:\WINDOWS\system32\dpnmodem.exe"
O4 - HKCU\..\Run: [w32time] "C:\WINDOWS\system32\w32time.exe"
O4 - HKCU\..\Run: [msnsspc] "C:\WINDOWS\system32\msnsspc.exe"
O4 - HKCU\..\Run: [netfxperf] "C:\WINDOWS\system32\netfxperf.exe"
O4 - HKCU\..\Run: [cdmodem] "C:\WINDOWS\system32\cdmodem.exe"
O4 - HKCU\..\Run: [jet500] "C:\WINDOWS\system32\jet500.exe"
O4 - HKCU\..\Run: [usp10] "C:\WINDOWS\system32\usp10.exe"
O4 - HKCU\..\Run: [spicc] "C:\WINDOWS\system32\spicc.exe"
O4 - HKCU\..\Run: [mspatcha] "C:\WINDOWS\system32\mspatcha.exe"
O4 - HKCU\..\Run: [cdosys] "C:\WINDOWS\system32\cdosys.exe"
O4 - HKCU\..\Run: [wmspdmod] "C:\WINDOWS\system32\wmspdmod.exe"
O4 - HKCU\..\Run: [mqrtdep] "C:\WINDOWS\system32\mqrtdep.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\SYSTEM32\VMMANAGER.EXE
O4 - HKCU\..\Run: [wdigest] C:\WINDOWS\system32\wdigest.exe
O4 - HKCU\..\Run: [avicap] C:\WINDOWS\system32\avicap.exe
O4 - HKCU\..\Run: [icdshlex] C:\WINDOWS\system32\icdshlex.exe
O4 - HKCU\..\Run: [shdoclc] C:\WINDOWS\system32\shdoclc.exe
O4 - HKCU\..\Run: [Iiru] "C:\WINDOWS\YSTEM~1\winword.exe" -vt yazr
O4 - HKCU\..\Run: [Kpjtit] C:\Program Files\Common Files\??sembly\w?wexec.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://locator.01com.com/cgitunnel/Cyberpower/iServer/rdesktop/iitloader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O18 - Protocol: bw+0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {289DB1A0-4393-43BA-8646-F01B0E1633B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\poeoiqi.exe |
|
Tue May 16, 2006 1:08 am
 |
|
 |
1972vet

Joined: 09 Mar 2006 Posts: 47
|
Post subject: |
|
|
* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly.
Start the Brute Force Uninstaller by double-clicking BFU.exe.
Next, please put a check in the box next to Show log after script ends at the bottom, and save the log to your Desktop when finished.
Next to the "scriptfile to execute"-window you'll see a little icon.
When you click that icon, a window will open that says: "Please enter the full URL to the script you want to execute"
In the field, copy and paste the following URL:
http://metallica.geekstogo.com/alcanshorty.bfu
Click Ok.
Then click "execute" in the Brute Force Uninstaller.
***Note***
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it and choose "save as" and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the "scriptfile to execute"-window.
Browse to the script you downloaded and click Ok and Execute in the Brute Force Uninstaller.
Wait for the complete script execution box to pop up and press OK.
Press "exit" to terminate the BFU program.
Next, please download:
SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Run HijackThis again and post the new log back here too.
Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
|
|
Tue May 16, 2006 5:54 am
 |
|
 |