Malware/Spyware...."Project 1"

#1
Jordanc@VGC
New Member
Hello,

I've been through all the steps that are required before posting my HijackThis log in here and still am having loads of pop-ups while not even working with Internet Explorer.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:11 PM, on 15/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SCURIT~1\chkdsk.exe
C:\WINNT\system32\??pPatch\??anregw.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\jordanc.VGC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {80A59CFC-5448-2ECD-1472-5CF077B96192} - C:\WINNT\system32\tmoeygi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Nrue] "C:\PROGRA~1\COMMON~1\SCURIT~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Anzj] C:\WINNT\system32\??pPatch\??anregw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158342328062
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O18 - Protocol: bw+0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Nls - C:\WINNT\system32\fp8o03l3e.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe



Many thanks for your help

Jordan
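Added here as an example for this thread (my own code, not the thread's and not part of HijackThis): a small triage script that reads HijackThis-style lines and flags the signals a helper looks for in the log above: an orphaned hook marked "(file missing)", a path whose characters the tool could not render (the `??pPatch` folder), a Run value named after a system DLL but launching something else, a Windows utility name running outside the system directory, a Winlogon Notify DLL, and Trusted Zone additions. The sample lines are copied from the log above; the system-binary list and the heuristics are assumptions of this example, not HijackThis rules.

```python
"""Defender-side triage of HijackThis-style log lines (example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {80A59CFC-5448-2ECD-1472-5CF077B96192} - C:\WINNT\system32\tmoeygi.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Nrue] "C:\PROGRA~1\COMMON~1\SCURIT~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Anzj] C:\WINNT\system32\??pPatch\??anregw.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O15 - Trusted Zone: *.media-motor.net
O20 - Winlogon Notify: Nls - C:\WINNT\system32\fp8o03l3e.dll
"""

# Assumed list: Windows binaries that only belong under the system directory.
# A copy launched from elsewhere (Common Files\SCURIT~1\chkdsk.exe above) is suspect.
SYSTEM_BINARY_NAMES = {"chkdsk.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                       "services.exe", "explorer.exe", "csrss.exe", "ntdll.dll"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx))"?', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    line: str      # the original log line
    reasons: list  # human-readable reasons the line deserves a look


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _under_system_dir(path):
    p = path.lower()
    return "\\winnt\\" in p or "\\windows\\" in p


def triage_line(line):
    """Return a Finding for a suspicious line, or None for a line with no signal."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group("path") if pm else ""
    reasons = []
    if "(file missing)" in body:
        reasons.append("hook points at a file that no longer exists (orphaned entry)")
    if "?" in path:
        reasons.append("path contains characters the tool could not render (non-ANSI name)")
    if sec == "O4":
        rm = RUN_RE.match(body)
        if rm:
            name, base = rm.group("name").lower(), _basename(path)
            if name in SYSTEM_BINARY_NAMES and base != name:
                reasons.append(f"Run value named like system file {name!r} but launches {base!r}")
            if base in SYSTEM_BINARY_NAMES and not _under_system_dir(path):
                reasons.append(f"system utility name {base!r} running outside the system directory")
    if sec == "O20":
        reasons.append("Winlogon Notify DLL: loads at every logon, rarely used by legitimate software")
        stem = _basename(path).rsplit(".", 1)[0]
        if re.search(r"[a-z]\d+[a-z]\d*", stem):  # heuristic: letters and digits interleaved
            reasons.append("DLL name mixes letters and digits with no vendor prefix (likely generated)")
    if sec == "O15":
        reasons.append("domain added to IE Trusted Zone: relaxes security settings for that site")
    return Finding(sec, line.strip(), reasons) if reasons else None


def triage(log_text):
    """Run triage_line over every line and keep only the lines with findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.line)
        for r in f.reasons:
            print("   -", r)
```

The two clean lines in the sample (QuickTime Task and THGuard) produce no finding, which is the point: the script narrows a long log to the entries a human still has to judge.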
#2
loophole
Malware Expert (Retired Staff)
Hi

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Edited by loophole, 15 September 2006 - 07:22 PM.


#3
Jordanc@VGC
New Member (Topic Starter)
jordanc - Sat 16/09/2006 8:22:01.56 Service Pack 4
ComboFix 06.09.14 - Running from: C:\Documents and Settings\jordanc.VGC\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{94AC532B-BDB0-4309-A30D-993DD3289BA5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94AC532B-BDB0-4309-A30D-993DD3289BA5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94AC532B-BDB0-4309-A30D-993DD3289BA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94AC532B-BDB0-4309-A30D-993DD3289BA5}\InprocServer32]
@="C:\\WINNT\\system32\\sugtab.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{17F47CC8-8343-4AAC-8199-FA5F6B32382F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17F47CC8-8343-4AAC-8199-FA5F6B32382F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17F47CC8-8343-4AAC-8199-FA5F6B32382F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17F47CC8-8343-4AAC-8199-FA5F6B32382F}\InprocServer32]
@="C:\\WINNT\\system32\\MAC71ESP.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{664EE30D-63FA-4401-9F27-8ECB0324809D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{664EE30D-63FA-4401-9F27-8ECB0324809D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{664EE30D-63FA-4401-9F27-8ECB0324809D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{664EE30D-63FA-4401-9F27-8ECB0324809D}\InprocServer32]
@="C:\\WINNT\\system32\\dylay.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{F6E1AC50-E878-4699-BEE9-CB07C6D5127D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6E1AC50-E878-4699-BEE9-CB07C6D5127D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6E1AC50-E878-4699-BEE9-CB07C6D5127D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6E1AC50-E878-4699-BEE9-CB07C6D5127D}\InprocServer32]
@="C:\\WINNT\\system32\\ivsecsnp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{6434834C-A2F2-4CE0-9D7A-3E04A6D697C8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6434834C-A2F2-4CE0-9D7A-3E04A6D697C8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6434834C-A2F2-4CE0-9D7A-3E04A6D697C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6434834C-A2F2-4CE0-9D7A-3E04A6D697C8}\InprocServer32]
@="C:\\WINNT\\system32\\wcvdmoe.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{2B6A937D-E846-4713-99D9-A639BE2D111D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B6A937D-E846-4713-99D9-A639BE2D111D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B6A937D-E846-4713-99D9-A639BE2D111D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B6A937D-E846-4713-99D9-A639BE2D111D}\InprocServer32]
@="C:\\WINNT\\system32\\ROSUTILS.DLL"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINNT\system32\dn6401jqe.dll
C:\WINNT\system32\ktj6l71s1.dll
C:\WINNT\system32\wcvdmoe.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\arlenw.VGC\Application Data\Sskknwrd.dll
C:\Documents and Settings\arlenw.VGC\Application Data\Sskuknwrd.dll
C:\Documents and Settings\steveh.VGC\Application Data\Sskcwrd.dll
C:\Documents and Settings\steveh.VGC\Application Data\Sskknwrd.dll
C:\Documents and Settings\steveh.VGC\Application Data\Sskuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e2.exe
C:\deskbar3.exe
C:\kybrdff_e4.exe
C:\WINNT\Eim03.exe
C:\WINNT\uninstall_nmon.vbs
C:\Documents and Settings\Default User\Application Data\NetMon

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\ASKS~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\chkdsk.exe
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity
C:\QooBox\Purity\WINNT\system32\PPATCH~1
C:\QooBox\Purity\WINNT\system32\SCURIT~1
C:\QooBox\Purity\WINNT\system32\PPATCH~1\??anregw.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-16 to 2006-09-16 ))))))))))))))))))))))))))))))))))


2006-09-15 10:46 465,176 --a------ C:\WINNT\system32\wuapi.dll
2006-09-15 10:46 41,240 --a------ C:\WINNT\system32\wups.dll
2006-09-15 10:46 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2006-09-15 10:46 18,200 --a------ C:\WINNT\system32\wups2.dll
2006-09-15 10:46 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2006-09-15 10:46 127,256 --a------ C:\WINNT\system32\wucltui.dll
2006-09-14 14:34 1,468,464 --a------ C:\ccsetup132.exe
2006-09-13 16:58 2 --a------ C:\WINNT\system32\wnscpit.exe
2006-09-13 16:39 267,228 --a------ C:\WINNT\popupwithcast.exe
2006-09-13 16:38 184,795 --a------ C:\WINNT\YazzleBundle-1264.exe
2006-09-03 15:17 69,632 --a------ C:\WINNT\system32\HPZipm12.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-16 08:23 -------- d-a------ C:\Program Files\Common Files
2006-09-16 08:12 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
2006-09-15 10:46 -------- d-ah----- C:\Program Files\WindowsUpdate
2006-09-15 10:44 -------- d-------- C:\Documents and Settings\jordanc.VGC\Application Data\TrojanHunter
2006-09-15 10:32 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-15 09:53 -------- d-a------ C:\Program Files\Outlook Express
2006-09-15 09:53 -------- d-a------ C:\Program Files\ComPlus Applications
2006-09-14 15:42 -------- d-------- C:\Program Files\CleanUp!
2006-09-14 14:35 -------- d-------- C:\Program Files\CCleaner
2006-09-14 13:43 -------- d-------- C:\Program Files\WinZip
2006-09-14 12:13 -------- d-------- C:\Program Files\Lavasoft
2006-09-14 12:13 -------- d-------- C:\Documents and Settings\jordanc.VGC\Application Data\Lavasoft
2006-09-13 16:58 93635 --ahs---- C:\Program Files\Common Files\Yazzle1264OinUninstaller.exe
2006-09-13 16:42 517 --a------ C:\Program Files\Common Files\vigyr
2006-09-13 16:39 32135 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2006-09-13 16:39 -------- d-------- C:\Program Files\popupwithcast
2006-09-08 10:42 157184 ---hs---- C:\Program Files\Common Files\Yazzle1264OinAdmin.exe
2006-08-31 08:50 157184 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2006-08-15 17:11 -------- d-------- C:\Program Files\HP
2006-08-14 17:52 78848 --a------ C:\WINNT\system32\nse144.dll
2006-08-11 08:27 -------- d-------- C:\Documents and Settings\jordanc.VGC\Application Data\HP
2006-08-10 15:30 -------- d-------- C:\Program Files\Logitech
2006-08-09 16:22 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-09 16:21 -------- d-------- C:\Program Files\Common Files\HP
2006-08-09 16:18 -------- d-a------ C:\Program Files\Hewlett-Packard
2006-07-08 12:48 118784 -r------- C:\WINNT\bwUnin-7.2.0.157-8876480SL.exe
2006-07-01 16:59 81920 -r------- C:\WINNT\bwUnin-6.1.4.68-8876480L.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Nrue"="\"C:\\PROGRA~1\\COMMON~1\\SCURIT~1\\chkdsk.exe\" -vt yazb"
"Anzj"="C:\\WINNT\\system32\\??pPatch\\??anregw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"PrinTray"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb01.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"septpop06apsept"="C:\\program files\\popupwithcast\\septpop06apsept.exe"
"ntdll.dll"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Outlook Express\\xunyfydad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\ComPlus Applications\\viloc.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00002002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,22,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"disablecad"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Disk Cleanup.job
C:\WINNT\tasks\Windows Update.job

Completion time: Sat 2006-09-16 8:27:29.85
ComboFix.txt

#4
loophole
Malware Expert (Retired Staff)
Hi :whistling:

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Show hidden files and folders
  • Click start >>> control panel
  • click the tools tab and then click folder options
  • Click view
  • tick the show hidden files and folders radio button
  • Uncheck hide extensions for known file types
  • Uncheck hide protected operating system files
  • Click Apply then Ok
Now, navigate to and delete the following files & folders if present:

C:\ccsetup132.exe
C:\WINNT\popupwithcast.exe
C:\WINNT\YazzleBundle-1264.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\popupwithcast
C:\Program Files\Common Files\Yazzle1264OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe

Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Note: IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • ewido will now begin the scanning process; be patient, this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Reboot and post a hijack log and the Ewido log

Thanks :blink:
  • 0

#5
Jordanc@VGC

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 1:26:53 PM, on 17/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\jordanc.VGC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {80A59CFC-5448-2ECD-1472-5CF077B96192} - C:\WINNT\system32\tmoeygi.dll (file missing)
R3 - URLSearchHook: (no name) - {1232FE42-3EA6-1521-A2D8-6343BC15AACA} - C:\WINNT\system32\uabficw.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1232FE42-3EA6-1521-A2D8-6343BC15AACA} - C:\WINNT\system32\uabficw.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Nrue] "C:\PROGRA~1\COMMON~1\SCURIT~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Anzj] C:\WINNT\system32\??pPatch\??anregw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158342328062
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O18 - Protocol: bw+0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe


Ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:55:37 PM 16/09/2006

+ Scan result:



C:\Documents and Settings\arlenw.VGC\Cookies\arlenw@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\colin.VGC\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\jordanc@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\arlenw.VGC\Cookies\arlenw@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\jordanc@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\arlenw.VGC\Cookies\arlenw@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\colin.VGC\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\colin.VGC\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\jordanc@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\arlenw.VGC\Cookies\arlenw@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\colin.VGC\Cookies\colin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\jordanc@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\arlenw.VGC\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\jordanc.VGC\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

  • 0

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Looking good

Please run a scan with HijackThis and check the following lines for removal:

R3 - URLSearchHook: (no name) - {80A59CFC-5448-2ECD-1472-5CF077B96192} - C:\WINNT\system32\tmoeygi.dll (file missing)
R3 - URLSearchHook: (no name) - {1232FE42-3EA6-1521-A2D8-6343BC15AACA} - C:\WINNT\system32\uabficw.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1232FE42-3EA6-1521-A2D8-6343BC15AACA} - C:\WINNT\system32\uabficw.dll (file missing)
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe

O4 - HKCU\..\Run: [Nrue] "C:\PROGRA~1\COMMON~1\SCURIT~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Anzj] C:\WINNT\system32\??pPatch\??anregw.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Reboot, post a new log and let me know how everything is running :blink:

Thanks
  • 0
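The lines loophole picked out above share a few mechanical properties that a reader can check on any HijackThis log before asking a helper: hooks and BHOs whose DLL is no longer on disk, sites added to IE's Trusted Zone, and Run entries that launch a system-utility name (chkdsk.exe here) from somewhere other than the Windows directory. The Python script below is an added example written for this page; it is not HijackThis code and not loophole's own tool. It parses the `Section - description` line shape the log uses and applies those three defender-side heuristics. The sample lines are copied from the log posted in this thread; the list of system-utility names and the Windows-directory prefixes are my own assumptions.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis or of the
helper's instructions.  Each HijackThis line has the shape
"<Section> - <description>" (R0..R3, O1..O23).  The three heuristics below
mirror the kinds of entries the helper flagged by hand in post #6:
  1. the entry points at a file that is no longer on disk ("(file missing)"
     or "(no file)"): an orphaned hook or BHO that should be removed;
  2. O15 Trusted Zone additions: sites in IE's Trusted Zone run with relaxed
     security settings, so every one of them deserves review;
  3. O4 Run entries that launch a binary named like a Windows system utility
     from outside the Windows directory (chkdsk.exe under Common Files here).
The sample lines at the bottom are copied from the log posted in this thread.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 Run entry:  HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Executable at the start of a command line, quoted or not, with or without arguments.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?(?:\s|$)', re.IGNORECASE)

MISSING_MARKERS = ("(file missing)", "(no file)")
# Assumption: well-known Windows utilities that legitimately live only under the
# Windows directory; a Run entry launching one from elsewhere deserves a closer look.
SYSTEM_UTILITY_NAMES = {"chkdsk.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe"}
# Assumption: Windows directory names for Windows 2000 (WINNT) and later (WINDOWS).
WINDOWS_DIR_PREFIXES = ("c:\\winnt\\", "c:\\windows\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def command_path(cmd: str) -> str:
    """Return the executable path from a Run command line, without quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line, header, or a process-list line
    section, body = m.group("section"), m.group("body")

    if any(marker in body for marker in MISSING_MARKERS):
        return Finding(section, "points at a file that is not on disk (orphaned entry)", line)

    if section == "O15":
        return Finding(section, "site added to IE Trusted Zone (relaxed security settings)", line)

    if section == "O4":
        run = RUN_RE.match(body)
        if run:
            path = command_path(run.group("cmd"))
            name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_UTILITY_NAMES and not path.lower().startswith(WINDOWS_DIR_PREFIXES):
                return Finding(section, f"Run entry launches {name} from outside the Windows directory", line)
    return None


def triage(lines):
    """Apply triage_line to every line and keep the findings in log order."""
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/",
    r"R3 - URLSearchHook: (no name) - {80A59CFC-5448-2ECD-1472-5CF077B96192} - C:\WINNT\system32\tmoeygi.dll (file missing)",
    r"R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O2 - BHO: (no name) - {1232FE42-3EA6-1521-A2D8-6343BC15AACA} - C:\WINNT\system32\uabficw.dll (file missing)",
    r"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe",
    r"O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe",
    r'O4 - HKCU\..\Run: [Nrue] "C:\PROGRA~1\COMMON~1\SCURIT~1\chkdsk.exe" -vt yazb',
    r"O15 - Trusted Zone: *.media-motor.net",
    r"O15 - Trusted Zone: *.mmohsix.com",
    r"O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run as-is, the script reports six of the entries loophole listed. It does not catch the popupwithcast Run line: nothing about that line's shape is unusual, and the helper recognized it from the program's reputation, which is exactly the part of log review a parser cannot supply. Treat the output as a first pass that narrows what to ask about, not as a verdict.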

#7
Jordanc@VGC

    New Member

  • Topic Starter
  • Member
  • 5 posts
Sorry loophole, this is a computer I don't have much access to, which explains my late replies. Thanks for your patience :whistling:

Everything runs fine except when I've been backing up my files. I get half way through the process then I get an error message saying:
Error Copying File or Folder
Cannot copy NTUSER: there has been a sharing violation. The source or destination file may be in use.


I don't know if this file is directly related to all the stuff on this computer. Maybe you can help me out.

New log
Logfile of HijackThis v1.99.1
Scan saved at 9:59:58 AM, on 20/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\jordanc.VGC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158342328062
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VGC.LOCAL
O18 - Protocol: bw+0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

  • 0
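
The O18 and O23 entries in the log above, collapsed per binary and given a quick triage. This is an added example, not HijackThis's own code and not something posted in this thread; it assumes the line shapes shown in the log, an expected-directory list of its own choosing, and a constructed sample that mixes lines copied from the log with one made-up service line.

```python
import re
from collections import defaultdict

# Line shapes follow the O18/O23 entries posted in this thread (the regexes are this example's own).
O18_RE = re.compile(r"^O18 - Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"~\d+\\")  # an 8.3 path component such as PROGRA~1\

# Where a legitimately installed handler DLL or service binary is expected to live (assumption).
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\winnt\\")

# Constructed sample: five lines copied from the posted log plus one made-up service line.
SAMPLE_LOG = r"""
O18 - Protocol: bw30 - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF0E44D0-8A17-445F-BD76-DF8AF9DBC464} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Example Svc (examplesvc) - Unknown - C:\Temp\example-constructed.exe
"""

def parse_entries(text):
    """Return (section, name, path) for every O18/O23 line; other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O18_RE.match(line) or O23_RE.match(line)
        if m:
            entries.append((line[:3], m["name"], m["path"]))
    return entries

def group_by_binary(entries):
    """Map each referenced DLL/EXE (case-folded path) to the entries pointing at it."""
    groups = defaultdict(list)
    for section, name, path in entries:
        groups[path.lower()].append((section, name))
    return dict(groups)

def triage(entries, expected_prefixes=EXPECTED_PREFIXES):
    """One note per distinct binary: how many entries reference it and why it may need a look."""
    notes = []
    for path, refs in sorted(group_by_binary(entries).items()):
        reasons = []
        if SHORT_NAME_RE.search(path):
            # 8.3 names hide the real directory, so the prefix check below cannot be trusted.
            reasons.append("8.3 short-name path, expand it and verify the real directory")
        elif not path.startswith(expected_prefixes):
            reasons.append("outside expected program directories")
        notes.append({"path": path, "refs": len(refs), "reasons": reasons})
    return notes
```

Run on the full log, the sixty-odd O18 lines above collapse to two Logitech DLLs with no flags, which leaves only the genuinely distinct binaries for manual review.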

#8
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

The NtUSER.dat file can only be copied in safe mode from a different user account, usually the Admin account. You won't be able to copy it while logged in under your profile. If you're just backing up data files (music, Excel, etc.) then you really don't need to copy that one unless you are going to a different profile. How is the computer running?

Edited by loophole, 20 September 2006 - 04:30 PM.

  • 0

#9
Jordanc@VGC

Jordanc@VGC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
The computer is running fine now, no pop ups so now I can actually do work on here!

Thanks for all your help.

Jordan :whistling:
  • 0

#10
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Great, I'm glad I could help :whistling:

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders if we unhid them. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use: and a good antivirus (these are also free for personal use):

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
