DrPMon.dll Trouble [RESOLVED]
Started by
Navy Seal
, Jul 12 2005 03:04 PM
-
This topic is locked
#1
Posted 12 July 2005 - 03:04 PM
Navy Seal
-
- Member
-
- 119 posts
Member
#3
Posted 13 July 2005 - 12:53 AM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
hey there! lemme redo some of those and the post my logs that r needed!
Edited by Navy Seal, 13 July 2005 - 02:51 PM.
#4
Posted 13 July 2005 - 05:13 PM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
here is the hjt log:
Logfile of HijackThis v1.99.1
Scan saved at 7:10:47 PM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\knjhmj.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Stephen\Desktop\Hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thelms.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nsv] c:\windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] c:\windows\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\knjhmj.exe reg_run
O4 - HKLM\..\Run: [wFtj35j] esesink.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteamp32.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: 6i24egm9lpmg8bdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\slman32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\KDIJS9Y7\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
here is the ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:05:29 PM, 7/13/2005
+ Report-Checksum: 85CF6B5
+ Scan result:
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\ws211PWkdQXc -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\ws2N1PWkdQXc -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-117609710-1979792683-839522115-1004\Software\LQ -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\eqnanmgr.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\WINDOWS\system32\esesink.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl2.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\installer_MARKETING58.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\nsq16.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsy44.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 7:10:47 PM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\knjhmj.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Stephen\Desktop\Hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thelms.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nsv] c:\windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] c:\windows\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\knjhmj.exe reg_run
O4 - HKLM\..\Run: [wFtj35j] esesink.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteamp32.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: 6i24egm9lpmg8bdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\slman32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\KDIJS9Y7\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
here is the ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:05:29 PM, 7/13/2005
+ Report-Checksum: 85CF6B5
+ Scan result:
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\ws211PWkdQXc -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\ws2N1PWkdQXc -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-117609710-1979792683-839522115-1004\Software\LQ -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\eqnanmgr.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\WINDOWS\system32\esesink.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl2.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\installer_MARKETING58.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\nsq16.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsy44.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
::Report End
#5
Guest_usetobe_*
Posted 14 July 2005 - 04:36 AM
Guest_usetobe_*
Guest_usetobe_*
-
- Guest
You have a nasty nail infection, and i don't mean on your fingers and toes 
We are going to hit this with a big hammer.
You also have a lot more malware as well.
Firstly please create a new folder on your C drive (for example C\HJT). Install HJT into that folder and run it from there. That way it can create backups if required.
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Please download Nailfix from here:
Click here unzip it to the desktop but please do NOT run it yet.
Please download Cleanup from here:
Cleanup. Do not run it yet.
Download this tool: LQfix.zip
Unzip it to your Desktop.
Don't use it yet!
Set up PC to show hidden files.(Click link if you do not know how)
Show hidden files
Click Start > Run > and type in:
services.msc
Click OK.
In the services window find .System Startup Service (SvcProc)
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.
Go to Add/Remove in control panel and remove the following if present.:
Bullseye network
Navisearch
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Doubleclick LQfix.bat that you saved on your desktop before.
A doswindow will open and close again, that is normal.
Then please run Ewido, and run a full scan. This may take some time, so go grab a coffee. Once it finds the first issue tick the box for all. Post the log from the scan here for me.
Then please run HijackThis, click Scan, and check:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [Nsv] c:\windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] c:\windows\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\knjhmj.exe reg_run
O4 - HKLM\..\Run: [wFtj35j] esesink.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteamp32.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: winlogin.exe
O20 - AppInit_DLLs: 6i24egm9lpmg8bdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\slman32.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
Also check every entry similar to the below entry except the first one. There are too many to type
O18 - Protocol: bw+0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Close all open windows except for HijackThis and click Fix Checked.
Now using windows explorer locate and delete the following files/folders if found.
c:\windows\system32\nsvsvc\nsvsvc.exe
c:\windows\system32\vidctrl\vidctrl.exe
C:\WINDOWS\cfgmgr52.dll,DllRun
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\richup.exe
C:\WINDOWS\System32\knjhmj.exe
esesink.exe <<--carry out a search for this one
C:\windows\system32\eliteamp32.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\Cas\Client\casclient.exe"
winlogin.exe <<--carry out a search for this one
C:\WINDOWS\system32\slman32.dll
C:\WINDOWS\svcproc.exe
Now run Cleanup
Restart your computer in normal mode
Run this online virus scan: ActiveScan - Save the results from the scan
Rescan with HJT and please post a new HijackThis log, as well as the log from the Ewido scan and panda
We are going to hit this with a big hammer.
You also have a lot more malware as well.
Firstly please create a new folder on your C drive (for example C\HJT). Install HJT into that folder and run it from there. That way it can create backups if required.
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Please download Nailfix from here:
Click here unzip it to the desktop but please do NOT run it yet.
Please download Cleanup from here:
Cleanup. Do not run it yet.
Download this tool: LQfix.zip
Unzip it to your Desktop.
Don't use it yet!
Set up PC to show hidden files.(Click link if you do not know how)
Show hidden files
Click Start > Run > and type in:
services.msc
Click OK.
In the services window find .System Startup Service (SvcProc)
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.
Go to Add/Remove in control panel and remove the following if present.:
Bullseye network
Navisearch
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Doubleclick LQfix.bat that you saved on your desktop before.
A doswindow will open and close again, that is normal.
Then please run Ewido, and run a full scan. This may take some time, so go grab a coffee. Once it finds the first issue tick the box for all. Post the log from the scan here for me.
Then please run HijackThis, click Scan, and check:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [Nsv] c:\windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] c:\windows\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\knjhmj.exe reg_run
O4 - HKLM\..\Run: [wFtj35j] esesink.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteamp32.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: winlogin.exe
O20 - AppInit_DLLs: 6i24egm9lpmg8bdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\slman32.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
Also check every entry similar to the below entry except the first one. There are too many to type
O18 - Protocol: bw+0s - {7810B763-919D-4E99-85D5-8487379E2F08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Close all open windows except for HijackThis and click Fix Checked.
Now using windows explorer locate and delete the following files/folders if found.
c:\windows\system32\nsvsvc\nsvsvc.exe
c:\windows\system32\vidctrl\vidctrl.exe
C:\WINDOWS\cfgmgr52.dll,DllRun
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\richup.exe
C:\WINDOWS\System32\knjhmj.exe
esesink.exe <<--carry out a search for this one
C:\windows\system32\eliteamp32.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\Cas\Client\casclient.exe"
winlogin.exe <<--carry out a search for this one
C:\WINDOWS\system32\slman32.dll
C:\WINDOWS\svcproc.exe
Now run Cleanup
Restart your computer in normal mode
Run this online virus scan: ActiveScan - Save the results from the scan
Rescan with HJT and please post a new HijackThis log, as well as the log from the Ewido scan and panda
Edited by usetobe, 14 July 2005 - 01:26 PM.
#6
Posted 14 July 2005 - 12:53 PM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
that link for the nail fix will not work!!??
#8
Posted 14 July 2005 - 02:25 PM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
neither one is working!?
p.s. ty for the help in advance. i look forward to getting rid of all this "crap" i appreciate ur help!!
p.s. ty for the help in advance. i look forward to getting rid of all this "crap" i appreciate ur help!!
#9
Guest_usetobe_*
Posted 14 July 2005 - 02:37 PM
Guest_usetobe_*
Guest_usetobe_*
-
- Guest
They work for me albeit slow to load. the site maybe having problems at the moment, we'll try again in a little while and in the meantime i'll look for some more links
#11
Posted 14 July 2005 - 02:40 PM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
ok cool! i'll keep trying...dunno why they wont work!? i may reboot or something. i'll keep in touch with u throughout the day! thx again!
#12
Posted 14 July 2005 - 02:45 PM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
perfect! that one worked 
i am going to follow ur instructions, and will be back with logs!!! 
edit: ok i extracted the files, now which one do i use in safe mode. the icon that says nailfix that has a window icon with a gear in it....or do i use the icon named process with a window icon that is white blank?
i am going to follow ur instructions, and will be back with logs!!! edit: ok i extracted the files, now which one do i use in safe mode. the icon that says nailfix that has a window icon with a gear in it....or do i use the icon named process with a window icon that is white blank?
Edited by Navy Seal, 14 July 2005 - 02:47 PM.
#14
Posted 14 July 2005 - 02:52 PM
Navy Seal
- Topic Starter
-
- Member
-
- 119 posts
Member
i think its the icon on the right. i took a screenshot so u can verify. (i dont want to mess anything up!!
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
