Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to REMOVE from CONTROL PANEL: Internetoffer [CLOSED]

Started by kalifa_007 , Sep 26 2005 09:55 PM

  • This topic is locked This topic is locked

#1
kalifa_007
Posted 26 September 2005 - 09:55 PM

kalifa_007

    New Member

  • Member
  • Pip
  • 3 posts
I've tried spybot and ccleaner to no avail. i've also tried to remove some things with hijackthis, but i'm not an expert at it so need a little help. some background info: i've got this side bar opening up in google (copyrighted by www.411web.com), non-stop popups (sites such as sportsbook.com). thanks!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\koiw\dwehyolw.exe
C:\WINDOWS\system32\hcfya\iajna.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.2.3.3\InstallStub.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\WINDOWS\system32\yoinime\oaptgdt.exe
C:\WINDOWS\system32\bhwxcbc\xeiprese.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ybfrndj\xwgkgl.exe
C:\WINDOWS\system32\wwhapadi\pson.exe
C:\WINDOWS\system32\eciae\fudqinb.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\KALMIS~1.PAR\LOCALS~1\Temp\Rar$EX07.853\HijackThis.exe
C:\DOCUME~1\KALMIS~1.PAR\LOCALS~1\Temp\Rar$EX08.018\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\KALMIS~1.PAR\LOCALS~1\Temp\jonafv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\LimeWire\LimeWire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportsline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O2 - BHO: (no name) - {D85EB3BD-46A4-DD6A-D225-0D13EDAB43AB} - C:\WINDOWS\system32\raumuneb\crmfsyrm.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [dwehyolw] C:\WINDOWS\system32\koiw\dwehyolw.exe
O4 - HKLM\..\Run: [iajna] C:\WINDOWS\system32\hcfya\iajna.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [oaptgdt] C:\WINDOWS\system32\yoinime\oaptgdt.exe
O4 - HKLM\..\Run: [xeiprese] C:\WINDOWS\system32\bhwxcbc\xeiprese.exe
O4 - HKLM\..\Run: [pson] C:\WINDOWS\system32\wwhapadi\pson.exe
O4 - HKLM\..\Run: [xwgkgl] C:\WINDOWS\system32\ybfrndj\xwgkgl.exe
O4 - HKLM\..\Run: [fudqinb] C:\WINDOWS\system32\eciae\fudqinb.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\KALMIS~1.PAR\LOCALS~1\Temp\cxlnui.exe run
O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunOnce: [tvs_re] c:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.3\InstallStub.exe -a
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O4 - Global Startup: University of Houston UH VPN Client.lnk = C:\Program Files\University of Houston\UofH VPN Client\ipsecdialer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: ListGrabber - {CA1694AD-6CEA-4BBE-A00E-A09C1D589938} - C:\Program Files\eGrabber\ListGrabber Standard 3.0\InternetAddress.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.16.2...ll/WinNTChk.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.16.2...stall/setup.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.16.2...html/AtxEnc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.16.2.../RemoveCtrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ParkwayProperties.local
O17 - HKLM\Software\..\Telephony: DomainName = ParkwayProperties.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF055F11-827A-44E8-B094-17B05E15E1BA}: Domain = parkwayproperties.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBCD0EDB-C2EF-473B-8F23-1F904DC570F7}: Domain = parkwayproperties.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ParkwayProperties.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = parkwayproperties.local,cougarnet.uh.edu,uh.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ParkwayProperties.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = parkwayproperties.local,cougarnet.uh.edu,uh.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = parkwayproperties.local,cougarnet.uh.edu,uh.edu
O18 - Protocol: bw+0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: psonwwhapadi - Unknown owner - C:\WINDOWS\system32\wwhapadi\pson.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

Advertisements

#2
Rawe
Posted 26 September 2005 - 11:50 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!

There is some really important information in the header portion of the HijackThis log that I'll need to continue. It should look something like this;

Logfile of HijackThis v1.99.1
Scan saved at 0:00:00 PM, on 0/0/2005
Platform: XXXXX
MSIE: XXXXXX


Run a new scan with HiJackThis, copy & paste the complete logfile here including that header. :tazz:
  • 0

#3
kalifa_007
Posted 27 September 2005 - 09:20 AM

kalifa_007

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
sorry about that...it's below...also, i just realized i can't acess the TASK MANAGER and run REGEDIT...thanks!

Logfile of HijackThis v1.99.1
Scan saved at 10:58:33 PM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  • 0

#4
Rawe
Posted 27 September 2005 - 11:07 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Let's start with some automated scans.

Please print these instructions out, or write them down, as you can't read them during the fix.

First;

Please download Ewido Security Suite it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Download CleanUp
Install the program, dont run it yet, we will later.

Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6 and always go online and update it before you run it).

If it's NOT the version 1.0.6, can you then uninstall your current version/delete folder: C:\Program Files\Lavasoft & empty recycle bin. Finally install the latest version.

1) Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

Exit the program we'll run it later.

Please download cureit;
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Save the file to your desktop or somewhere you'll remember - we'll run it later.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

First in Safe Mode:

Run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Then run HiJackThis, check & fix the following objects.

Every line similar to this, EXCEPT the first one:

O18 - Protocol: bw90 - {9AE60AEB-A335-4B2E-8BBC-B14136FA9E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Then close HJT.

Launch Ad-aware..

2) Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3) Click on "Proceed"
4) Click on "Scan Now"
5) Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6) Select "Search for low-risk threats"
7) Run the scanner using the Full Scan (Perform full system scan) mode.
8) When the scan has completed, select Next.
9) In the Scanning Results window, select the "Scan Summary" tab.
10) Check the box next to every "target family" for removal.
11) Click "Next", Click "OK".
12) Exit the program..

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drive's.
A red dot will mark the selected drive(s) . Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan ALL your drive's, hit yes to all.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Finally reboot into normal mode.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
Post a Ewido, Panda & a fresh HijackThis log here. :tazz:
  • 0

#5
kalifa_007
Posted 27 September 2005 - 03:38 PM

kalifa_007

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I'll give it a shot...thanks a bunch for the help
  • 0

#6
Rawe
Posted 28 September 2005 - 06:41 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Sure, no problem.

It might be few step process to clean your system COMPLETELY, although the first step is definately a big one. It should clean most of the garbage out.
  • 0

#7
Rawe
Posted 11 October 2005 - 06:19 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP