Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Coolweb problems [CLOSED]

Started by efrisch , Aug 21 2005 11:01 AM

  • This topic is locked This topic is locked

#1
efrisch
Posted 21 August 2005 - 11:01 AM

efrisch

    New Member

  • Member
  • Pip
  • 7 posts
Having problems for about 2 weeks with files being created in WIndows and Windows\system32. Files starting up and taking over computer. BHOs taking over IE, etc, etc.

Downloaded several programs to fight it and am losing! Adaware, Spybot, Spy Killer, Giant, ewido etc... found lots of stuff but continue to get Giant popups telling me programs are trying to load or execute.

My hijack this is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:37 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hphmon03.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\BHODemon 2\BHODemon.exe
D:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ERICFR~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {0C486A9A-90AE-95F6-758D-9AE8676B4FF7} - C:\WINDOWS\system32\sdkmd.dll (file missing)
O2 - BHO: Class - {15EAF32F-E910-66D5-9145-A0FEDA5A8A51} - C:\WINDOWS\atlqw32.dll (file missing)
O2 - BHO: Class - {2FFCC592-EAD4-6D02-D413-20591011A0B5} - C:\WINDOWS\atlon.dll (file missing)
O2 - BHO: Class - {389793A1-16BF-5CDB-995A-72BC57DA44B5} - C:\WINDOWS\crgw32.dll (file missing)
O2 - BHO: Class - {5FDE86BE-CDD8-F674-36B1-B4FB01197E45} - C:\WINDOWS\system32\addnn.dll (file missing)
O2 - BHO: Class - {6260FBF7-CD9D-F682-E948-D4F9627B878A} - C:\WINDOWS\system32\netwa.dll (file missing)
O2 - BHO: Class - {62876854-EDA6-07DA-05A9-EA959624D86C} - C:\WINDOWS\system32\atled.dll (file missing)
O2 - BHO: Class - {7630AB6D-5BE6-C0AF-EE74-55DA8F18C91C} - C:\WINDOWS\system32\ntak32.dll (file missing)
O2 - BHO: Class - {877E32FD-53A0-0D73-8770-3C53B7A199C8} - C:\WINDOWS\crrx32.dll (file missing)
O2 - BHO: Class - {88E8A419-2FA8-BA69-851F-E374BC7FF816} - C:\WINDOWS\javapk32.dll (file missing)
O2 - BHO: Class - {8B82102E-F491-66D2-F758-5BB004FEE44C} - C:\WINDOWS\windd.dll (file missing)
O2 - BHO: Class - {92B90350-AC71-9624-9C25-44FC4ECFC374} - C:\WINDOWS\mfcuh32.dll (file missing)
O2 - BHO: Class - {9FD032D5-602C-3E4D-9D83-1D7F4C0CC523} - C:\WINDOWS\winzs32.dll (file missing)
O2 - BHO: Class - {A1478393-27A6-A004-43B7-4A801508772A} - C:\WINDOWS\system32\atlsy32.dll (file missing)
O2 - BHO: Class - {B543DA16-5622-738B-5E88-D833B851F319} - C:\WINDOWS\system32\mfcor32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apiuq.dll (file missing)
O2 - BHO: Class - {C5E8D939-2CE8-9ADD-8CA0-BD0FC64AA090} - C:\WINDOWS\system32\sysig32.dll (file missing)
O2 - BHO: Class - {C8F47880-52EF-4AA6-8D33-E43E9369AC13} - C:\WINDOWS\system32\ievq.dll (file missing)
O2 - BHO: Class - {D1F54785-3008-D469-EAF6-3608BE22CDCC} - C:\WINDOWS\system32\winbu.dll (file missing)
O2 - BHO: Class - {D78AFF2F-0E6C-C9B5-D9F0-C5E6558B36A9} - C:\WINDOWS\d3vq.dll (file missing)
O2 - BHO: Class - {F1B51150-D9B4-4CAE-8739-FCA1CC8D224D} - C:\WINDOWS\system32\iebe32.dll (file missing)
O2 - BHO: Class - {FEAE3120-346F-50F3-C47A-1B9D99153BFC} - C:\WINDOWS\system32\javani32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [addqx.exe] C:\WINDOWS\system32\addqx.exe
O4 - HKLM\..\Run: [iepd32.exe] C:\WINDOWS\system32\iepd32.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: BHODemon 2.0.lnk = D:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\system32\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\system32\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\system32\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\system32\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124077159921
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O18 - Protocol: bw+0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--------

Making me nuts!

I appreciate any help anyone can provide.

Eric
  • 0

Advertisements

#2
Rawe
Posted 24 August 2005 - 06:34 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi, I'm sorry for the late reply. Huge traffic on the site--

If you still need help with the problem can you post a fresh log to this thread. If you have gotten help elsewhere, please let me know.

Again, I appologize for the late reply. :tazz:
  • 0

#3
efrisch
Posted 24 August 2005 - 04:34 PM

efrisch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the latest... I also cannot get the cd player to recognize a clean disk to copy files to. I finally got it to recognize and read the drive, but not burn a cd.

I moved a lot of wierd files out of my Windows folder and I think that's why a lot of the "File Missing"s are below! That helped cut down on the massive takeovers I was experiencing. It was creating 30-40 new files a day in Windows and Windows/sytem 32.

I ran several downloaded programs that I found mentioned in other threads and that pretty much stopped it all for the time being. I had to go enable a lot of services to get my printer and cd and dvd to run. I guess I turned something back on because last night after I enabled many, it started creating exe files again, although it was only one or two.

WHen I run Spybot, it finds CoolWWWSearch.HomeSearch and finds the following:
C:\Windows\xodxq.txt
C:\Windows\ttglb.txt
C:\Windows\cbbsx.dat
C:\Windows\bshty.txt

It can't remove them because thy're in use. I can't delete them because they're in use.

I appreciate your help! :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 6:30:50 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
d:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hphmon03.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\BHODemon 2\BHODemon.exe
D:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\system32\winlogon.exe
d:\Program Files\ewido\security suite\securitysuite.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {0C486A9A-90AE-95F6-758D-9AE8676B4FF7} - C:\WINDOWS\system32\sdkmd.dll (file missing)
O2 - BHO: Class - {15EAF32F-E910-66D5-9145-A0FEDA5A8A51} - C:\WINDOWS\atlqw32.dll (file missing)
O2 - BHO: Class - {2FFCC592-EAD4-6D02-D413-20591011A0B5} - C:\WINDOWS\atlon.dll (file missing)
O2 - BHO: Class - {389793A1-16BF-5CDB-995A-72BC57DA44B5} - C:\WINDOWS\crgw32.dll (file missing)
O2 - BHO: Class - {5FDE86BE-CDD8-F674-36B1-B4FB01197E45} - C:\WINDOWS\system32\addnn.dll (file missing)
O2 - BHO: Class - {6260FBF7-CD9D-F682-E948-D4F9627B878A} - C:\WINDOWS\system32\netwa.dll (file missing)
O2 - BHO: Class - {62876854-EDA6-07DA-05A9-EA959624D86C} - C:\WINDOWS\system32\atled.dll (file missing)
O2 - BHO: Class - {7630AB6D-5BE6-C0AF-EE74-55DA8F18C91C} - C:\WINDOWS\system32\ntak32.dll (file missing)
O2 - BHO: Class - {877E32FD-53A0-0D73-8770-3C53B7A199C8} - C:\WINDOWS\crrx32.dll (file missing)
O2 - BHO: Class - {88E8A419-2FA8-BA69-851F-E374BC7FF816} - C:\WINDOWS\javapk32.dll (file missing)
O2 - BHO: Class - {8B82102E-F491-66D2-F758-5BB004FEE44C} - C:\WINDOWS\windd.dll (file missing)
O2 - BHO: Class - {92B90350-AC71-9624-9C25-44FC4ECFC374} - C:\WINDOWS\mfcuh32.dll (file missing)
O2 - BHO: Class - {9FD032D5-602C-3E4D-9D83-1D7F4C0CC523} - C:\WINDOWS\winzs32.dll (file missing)
O2 - BHO: Class - {A1478393-27A6-A004-43B7-4A801508772A} - C:\WINDOWS\system32\atlsy32.dll (file missing)
O2 - BHO: Class - {B543DA16-5622-738B-5E88-D833B851F319} - C:\WINDOWS\system32\mfcor32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apiuq.dll (file missing)
O2 - BHO: Class - {C5E8D939-2CE8-9ADD-8CA0-BD0FC64AA090} - C:\WINDOWS\system32\sysig32.dll (file missing)
O2 - BHO: Class - {C8F47880-52EF-4AA6-8D33-E43E9369AC13} - C:\WINDOWS\system32\ievq.dll (file missing)
O2 - BHO: Class - {D1F54785-3008-D469-EAF6-3608BE22CDCC} - C:\WINDOWS\system32\winbu.dll (file missing)
O2 - BHO: Class - {D78AFF2F-0E6C-C9B5-D9F0-C5E6558B36A9} - C:\WINDOWS\d3vq.dll (file missing)
O2 - BHO: Class - {F1B51150-D9B4-4CAE-8739-FCA1CC8D224D} - C:\WINDOWS\system32\iebe32.dll (file missing)
O2 - BHO: Class - {FEAE3120-346F-50F3-C47A-1B9D99153BFC} - C:\WINDOWS\system32\javani32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: BHODemon 2.0.lnk = D:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\system32\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\system32\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\system32\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\system32\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124077159921
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O18 - Protocol: bw+0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by efrisch, 24 August 2005 - 06:23 PM.

  • 0

#4
Rawe
Posted 25 August 2005 - 04:49 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
First, I need you to ENABLE all the services you have disabled this far. I really need to see them. Next, can you also tell me which files you deleted? I really would need to know.. Please don't delete any files unless I ask you to. :)

Ok follow these instructions.

Please print these instructions out, or write them down, as you can't read them during the fix.

Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6 and always go online and update it before you run it).

If it's NOT the version 1.0.6, can you then uninstall your current version/delete folder: C:\Program Files\Lavasoft & empty recycle bin. Finally install the latest version.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

Close Ad-aware for now.

Update Ewido Security Suite to the latest definitions as well, making sure it's the latest version (3.5)

Download CleanUp
Install the program, dont run it yet, we will later.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Now launch Ad-aware..

2. Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click on "Proceed"
4. Click on "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to every "target family" for removal.
11. Click "Next", Click "OK".

Exit the program (Do NOT reboot.)

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Finally run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Reboot into normal mode and post the Ewido log here along with a fresh HijackThis log.

- Rawe :tazz:
  • 0

#5
efrisch
Posted 26 August 2005 - 01:23 PM

efrisch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
All done.
When I ran Cleanup, it said there were a couple more it couldn't get because they were in use. Did I want to restart to get them? I said "no" because I didn't see anything like that in the instructions you gave. Should I do it over and log off and then rescan?

Here is the Exido report:

---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 3:16:12 PM, 8/26/2005
+ Report-Checksum: 83603C92

Reg\HKLM\Run zBrowser Launcher D:\Program Files\Logitech\iTouch\iTouch.exe
Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
Reg\HKLM\Run Logitech Utility Logi_MwX.Exe
Reg\HKLM\Run gcasServ "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
Reg\HKLM\Run HPHmon03 C:\WINDOWS\System32\hphmon03.exe
Reg\HKLM\Run HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
Reg\HKLM\Run CleanupProgram C:\Sonysys\cleanup.exe
Reg\HKLM\Run ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Reg\HKLM\Run RegistryMechanic
Reg\HKCU\Run Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
Reg\HKCU\Run LDM \Program\
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run H/PC Connection Agent "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
Reg\HKCU\Run AIM D:\Program Files\AIM\aim.exe -cnetwait.odl
Reg\HKCU\Run BestPopUpKiller C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
Shell\CommonStartup Logitech Desktop Messenger.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
Shell\CommonStartup VAIO Action Setup (Server).lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk
Shell\UserStartup BHODemon 2.0.lnk C:\Documents and Settings\Eric Frischmuth\Start Menu\Programs\Startup\BHODemon 2.0.lnk


Here is the Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 3:20:48 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\HPHipm09.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\BHODemon 2\BHODemon.exe
D:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {0C486A9A-90AE-95F6-758D-9AE8676B4FF7} - C:\WINDOWS\system32\sdkmd.dll (file missing)
O2 - BHO: Class - {15EAF32F-E910-66D5-9145-A0FEDA5A8A51} - C:\WINDOWS\atlqw32.dll (file missing)
O2 - BHO: Class - {2FFCC592-EAD4-6D02-D413-20591011A0B5} - C:\WINDOWS\atlon.dll (file missing)
O2 - BHO: Class - {389793A1-16BF-5CDB-995A-72BC57DA44B5} - C:\WINDOWS\crgw32.dll (file missing)
O2 - BHO: Class - {5FDE86BE-CDD8-F674-36B1-B4FB01197E45} - C:\WINDOWS\system32\addnn.dll (file missing)
O2 - BHO: Class - {6260FBF7-CD9D-F682-E948-D4F9627B878A} - C:\WINDOWS\system32\netwa.dll (file missing)
O2 - BHO: Class - {62876854-EDA6-07DA-05A9-EA959624D86C} - C:\WINDOWS\system32\atled.dll (file missing)
O2 - BHO: Class - {7630AB6D-5BE6-C0AF-EE74-55DA8F18C91C} - C:\WINDOWS\system32\ntak32.dll (file missing)
O2 - BHO: Class - {877E32FD-53A0-0D73-8770-3C53B7A199C8} - C:\WINDOWS\crrx32.dll (file missing)
O2 - BHO: Class - {88E8A419-2FA8-BA69-851F-E374BC7FF816} - C:\WINDOWS\javapk32.dll (file missing)
O2 - BHO: Class - {8B82102E-F491-66D2-F758-5BB004FEE44C} - C:\WINDOWS\windd.dll (file missing)
O2 - BHO: Class - {92B90350-AC71-9624-9C25-44FC4ECFC374} - C:\WINDOWS\mfcuh32.dll (file missing)
O2 - BHO: Class - {9FD032D5-602C-3E4D-9D83-1D7F4C0CC523} - C:\WINDOWS\winzs32.dll (file missing)
O2 - BHO: Class - {A1478393-27A6-A004-43B7-4A801508772A} - C:\WINDOWS\system32\atlsy32.dll (file missing)
O2 - BHO: Class - {B543DA16-5622-738B-5E88-D833B851F319} - C:\WINDOWS\system32\mfcor32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apiuq.dll (file missing)
O2 - BHO: Class - {C5E8D939-2CE8-9ADD-8CA0-BD0FC64AA090} - C:\WINDOWS\system32\sysig32.dll (file missing)
O2 - BHO: Class - {C8F47880-52EF-4AA6-8D33-E43E9369AC13} - C:\WINDOWS\system32\ievq.dll (file missing)
O2 - BHO: Class - {D1F54785-3008-D469-EAF6-3608BE22CDCC} - C:\WINDOWS\system32\winbu.dll (file missing)
O2 - BHO: Class - {D78AFF2F-0E6C-C9B5-D9F0-C5E6558B36A9} - C:\WINDOWS\d3vq.dll (file missing)
O2 - BHO: Class - {F1B51150-D9B4-4CAE-8739-FCA1CC8D224D} - C:\WINDOWS\system32\iebe32.dll (file missing)
O2 - BHO: Class - {FEAE3120-346F-50F3-C47A-1B9D99153BFC} - C:\WINDOWS\system32\javani32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: BHODemon 2.0.lnk = D:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\system32\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\system32\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\system32\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\system32\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124077159921
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O18 - Protocol: bw+0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


I don't recall which files I may have deleted. I think I just moved them to different folders and then moved them back...THere amay have been a couple deleted though I can't remember.

Thanks again for all your help!
  • 0

#6
Rawe
Posted 26 August 2005 - 01:27 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Can you disable Ewido background guard, it might interfere.

Your Ewido log.. Don't you have anything else in there? I would need to see the part of the infected items, not the Startup report. Let me know..

Just disable the Ewido guard and post the correct log and we'll go from there :tazz:
  • 0

#7
efrisch
Posted 26 August 2005 - 06:47 PM

efrisch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the ewido from a couple of days ago. It had a lot of stuff The one from today will be after this:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:54:42 PM, 8/24/2005
+ Report-Checksum: A9EF7CF4

+ Scan result:

:mozilla.8:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
-> : Error during cleaning
:mozilla.32:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

Today's Report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:36:03 PM, 8/26/2005
+ Report-Checksum: CD6024C0

+ Scan result:

:mozilla.7:C:\Documents and Settings\Eric Frischmuth\Application Data\Mozilla\Firefox\Profiles\gjymnviy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Pam Frischmuth\Application Data\Mozilla\Firefox\Profiles\0p5t32dd.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Pam Frischmuth\Cookies\pam frischmuth@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Pam Frischmuth\Cookies\pam frischmuth@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Pam Frischmuth\Cookies\pam frischmuth@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Pam Frischmuth\Cookies\pam [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup


::Report End

It appears to be starting to try and add those crazy files again, but can't be sure. System really running slowly, though.

If I remove the register fro the CD-RW and do an add hardware, do you think that might re enable my cd burner so that it recognizes the blank media and records?

Thanks again for all your help.

Eric
  • 0

#8
Rawe
Posted 27 August 2005 - 01:28 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Sorry, I have no idea about hardware. Let's just clean up your system before that.. We have great hardware techs around here, and a great forum for it as well.

Run a scan with HiJackThis and check the following objects for removal:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0C486A9A-90AE-95F6-758D-9AE8676B4FF7} - C:\WINDOWS\system32\sdkmd.dll (file missing)
O2 - BHO: Class - {15EAF32F-E910-66D5-9145-A0FEDA5A8A51} - C:\WINDOWS\atlqw32.dll (file missing)
O2 - BHO: Class - {2FFCC592-EAD4-6D02-D413-20591011A0B5} - C:\WINDOWS\atlon.dll (file missing)
O2 - BHO: Class - {389793A1-16BF-5CDB-995A-72BC57DA44B5} - C:\WINDOWS\crgw32.dll (file missing)
O2 - BHO: Class - {5FDE86BE-CDD8-F674-36B1-B4FB01197E45} - C:\WINDOWS\system32\addnn.dll (file missing)
O2 - BHO: Class - {6260FBF7-CD9D-F682-E948-D4F9627B878A} - C:\WINDOWS\system32\netwa.dll (file missing)
O2 - BHO: Class - {62876854-EDA6-07DA-05A9-EA959624D86C} - C:\WINDOWS\system32\atled.dll (file missing)
O2 - BHO: Class - {7630AB6D-5BE6-C0AF-EE74-55DA8F18C91C} - C:\WINDOWS\system32\ntak32.dll (file missing)
O2 - BHO: Class - {877E32FD-53A0-0D73-8770-3C53B7A199C8} - C:\WINDOWS\crrx32.dll (file missing)
O2 - BHO: Class - {88E8A419-2FA8-BA69-851F-E374BC7FF816} - C:\WINDOWS\javapk32.dll (file missing)
O2 - BHO: Class - {8B82102E-F491-66D2-F758-5BB004FEE44C} - C:\WINDOWS\windd.dll (file missing)
O2 - BHO: Class - {92B90350-AC71-9624-9C25-44FC4ECFC374} - C:\WINDOWS\mfcuh32.dll (file missing)
O2 - BHO: Class - {9FD032D5-602C-3E4D-9D83-1D7F4C0CC523} - C:\WINDOWS\winzs32.dll (file missing)
O2 - BHO: Class - {A1478393-27A6-A004-43B7-4A801508772A} - C:\WINDOWS\system32\atlsy32.dll (file missing)
O2 - BHO: Class - {B543DA16-5622-738B-5E88-D833B851F319} - C:\WINDOWS\system32\mfcor32.dll (file missing)
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apiuq.dll (file missing)
O2 - BHO: Class - {C5E8D939-2CE8-9ADD-8CA0-BD0FC64AA090} - C:\WINDOWS\system32\sysig32.dll (file missing)
O2 - BHO: Class - {C8F47880-52EF-4AA6-8D33-E43E9369AC13} - C:\WINDOWS\system32\ievq.dll (file missing)
O2 - BHO: Class - {D1F54785-3008-D469-EAF6-3608BE22CDCC} - C:\WINDOWS\system32\winbu.dll (file missing)
O2 - BHO: Class - {D78AFF2F-0E6C-C9B5-D9F0-C5E6558B36A9} - C:\WINDOWS\d3vq.dll (file missing)
O2 - BHO: Class - {F1B51150-D9B4-4CAE-8739-FCA1CC8D224D} - C:\WINDOWS\system32\iebe32.dll (file missing)
O2 - BHO: Class - {FEAE3120-346F-50F3-C47A-1B9D99153BFC} - C:\WINDOWS\system32\javani32.dll (file missing)

Every entry similar to this EXCEPT the first one:

O18 - Protocol: bw+0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Close ALL open windows except for HiJackThis and hit FIX CHECKED.

Reboot. Post a fresh log.

- Rawe :tazz:
  • 0

#9
efrisch
Posted 27 August 2005 - 03:16 AM

efrisch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Booted much faster! I wasn't sure about all the 018 lines. One seemed a little different so I left it in, let me know if I should take it out, too. It's the second one listed, below.



Logfile of HijackThis v1.99.1
Scan saved at 5:13:22 AM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
d:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\system32\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\system32\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\system32\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\system32\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124077159921
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O18 - Protocol: bw+0 - {E3E9CAB6-E80F-4DDA-B9A7-555081771E33} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#10
Rawe
Posted 27 August 2005 - 03:19 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Your log's looking great! :tazz:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directoy as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#11
efrisch
Posted 27 August 2005 - 06:47 AM

efrisch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here it is


********
5:47 AM: |··· Start of Session, Saturday, August 27, 2005 ···|
5:47 AM: Spy Sweeper started
5:47 AM: Sweep initiated using definitions version 522
5:47 AM: Starting Memory Sweep
5:52 AM: Memory Sweep Complete, Elapsed Time: 00:04:51
5:52 AM: Starting Registry Sweep
5:52 AM: Found Trojan Horse: agent.ay downloader
5:52 AM: HKCR\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (2 subtraces) (ID = 103338)
5:52 AM: HKLM\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (2 subtraces) (ID = 103347)
5:52 AM: Found Adware: cws_ns3
5:52 AM: HKCR\clsid\{4fbb115d-894b-592c-e7c1-41e7c088266f}\localserver32\ (1 subtraces) (ID = 117863)
5:52 AM: HKLM\software\classes\clsid\{4fbb115d-894b-592c-e7c1-41e7c088266f}\localserver32\ (1 subtraces) (ID = 119736)
5:52 AM: Found Adware: cws_ns3 hijacker
5:52 AM: HKU\WRSS_Profile_S-1-5-21-602162358-308236825-1801674531-1006\software\microsoft\internet explorer\main\ || search bar (ID = 123390)
5:52 AM: HKU\WRSS_Profile_S-1-5-21-602162358-308236825-1801674531-1006\software\microsoft\internet explorer\main\ || search page (ID = 123391)
5:52 AM: Registry Sweep Complete, Elapsed Time:00:00:16
5:52 AM: Starting Cookie Sweep
5:52 AM: Found Spy Cookie: atwola cookie
5:52 AM: pam frischmuth@atwola[1].txt (ID = 2255)
5:52 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:52 AM: Starting File Sweep
5:53 AM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
5:54 AM: Warning: Failed to read file "c:\windows\sonysys\setup\lib\l11_e.ldz". Data error (cyclic redundancy check)
5:54 AM: Found Adware: security iguard
5:54 AM: chmhelp.chm (ID = 75238)
5:54 AM: Found Adware: commonname
5:54 AM: rmcomtb.dat (ID = 111038)
5:54 AM: Found System Monitor: win-spy monitor
5:54 AM: urlhist.tlb (ID = 89206)
5:54 AM: Found Adware: apropos
5:54 AM: exec.exe (ID = 50118)
5:57 AM: Warning: Failed to read file "c:\documents and settings\eric frischmuth\local settings\temp\perflib_perfdata_d0c.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
5:58 AM: File Sweep Complete, Elapsed Time: 00:05:56
5:58 AM: Full Sweep has completed. Elapsed time 00:11:11
5:58 AM: Traces Found: 17
8:44 AM: Removal process initiated
8:44 AM: Quarantining All Traces: agent.ay downloader
8:44 AM: Quarantining All Traces: cws_ns3
8:44 AM: Quarantining All Traces: cws_ns3 hijacker
8:44 AM: Quarantining All Traces: atwola cookie
8:44 AM: Quarantining All Traces: security iguard
8:44 AM: Quarantining All Traces: commonname
8:44 AM: Quarantining All Traces: win-spy monitor
8:44 AM: Quarantining All Traces: apropos
8:45 AM: Removal process completed. Elapsed time 00:00:20
********
5:43 AM: |··· Start of Session, Saturday, August 27, 2005 ···|
5:43 AM: Spy Sweeper started
5:47 AM: Updating spyware definitions
5:47 AM: Your definitions are up to date.
5:47 AM: |··· End of Session, Saturday, August 27, 2005 ···|


Thanks
  • 0

#12
efrisch
Posted 27 August 2005 - 09:22 AM

efrisch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I did get my cd recording capabilities back, though! I unistalled and reinstalled and it worked...go figure.

As you have also probably noticed, I have a lot of spyware programs or should I say antispyware and antiVirus. MOst didn't catch anything!


Giant
SpyKiller
ewido
Adaware
Spybot
BHO Demon
Cleanup
sysclean
Killbox
Registery Mechanic
Error Nuker

and probably more...which ones should I keep and which ones should I get rid of?
It seems each caught something but none caught all!

I don't think I want all of these running in the background, do I?


Still seems like it's doing weird things...disabling my internet connections, unenabling my NOrton auto protect, etc....

Also, SPybot still fins these under CoolWWWSearch.HOmeSearch and can't get rid of them because they're in use

C:\WINDOWS\xodxq.txt
C:\WINDOWS\ttglb.txt
C:\WINDOWS\cbbsx.dat
C:\WINDOWS\bshty.txt

Edited by efrisch, 27 August 2005 - 09:45 AM.

  • 0

#13
Rawe
Posted 28 August 2005 - 07:44 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Go ahead and uninstall (well, these are just my recommendations):

Giant
SpyKiller (This is rogue/suspect product... See more here: http://www.spywarewa...ti-spyware.htm)
ewido
BHO Demon
sysclean
Killbox
Error Nuker

Leave Ad-aware, SpyBot, Cleanup, Registery Mechanic & Anti-virus.

Can you post a fresh HiJackThis log once you have uninstalled the software and deleted the folders. :tazz:
  • 0

#14
Rawe
Posted 13 September 2005 - 09:24 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP