Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack? [RESOLVED]

Started by Jayco , Oct 04 2005 01:31 PM

  • This topic is locked This topic is locked

#1
Jayco
Posted 04 October 2005 - 01:31 PM

Jayco

    New Member

  • Member
  • Pip
  • 4 posts
Hey all...

Recently I was hit (not sure how, as I run virus scanners, Microsoft's Anti-spyware, and Adaware) with the Winfix popup issue.

I found the .dll that was causing that, and managed to get it removed (I think), but I still feel like something isn't quite right. My machine is sluggish and I get perfdisk errors in the log when I boot up.

Here is my Hijack This log... can you let me know if you see anything?

Logfile of HijackThis v1.99.1
Scan saved at 2:30:01 PM, on 10/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\CDProxyServ.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Installation Files\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim Coates\Application Data\Mozilla\Profiles\default\wl6o5b98.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...2215/model.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: bw+0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINNT\CDProxyServ.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe



Thanks!
  • 0

Advertisements

#2
greyknight17
Posted 04 October 2005 - 04:20 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I don't see anything majorly wrong here. Let's see if Ewido can spot anything.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim Coates\Application Data\Mozilla\Profiles\default\wl6o5b98.slt\prefs.js)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...2215/model.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab

Check and fix ALL those O18 entries related to Logitech, except for the first line (see below). Leave that one unchecked:

O18 - Protocol: bw+0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart your computer. Post the logs for HijackThis and Ewido.
  • 0

#3
Jayco
Posted 04 October 2005 - 09:21 PM

Jayco

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ok... I did what was mentioned.

Ewido did find some stuff, and it cleaned it, but upon reboot I still am having the same akward errors that I did before.

SSSCSISV errors
Perfdisk errors
WMI ADAP errors

Here are the two requested logs:

(I left the EICAR files alone, as I know what they are and I use them for testing mail scanner security)

Also, the N3 line in the Hijack This! log would NOT delete... I've tried several times (safe mode and otherwise)

Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:02:55 PM, 10/4/2005
+ Report-Checksum: 954C36CA

+ Scan result:

C:\Documents and Settings\Jim Coates\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Ignored
C:\Documents and Settings\Jim Coates\My Documents\Laridian Web Files\Installation Files\eicar.com -> Not-A-Virus.Eicar.TestFile : Ignored
C:\Documents and Settings\Jim Coates\My Documents\Laridian Web Files\spam uploads\eicar_com.zip/eicar.com -> Not-A-Virus.Eicar.TestFile : Ignored
C:\Documents and Settings\Jim Coates\My Documents\Laridian Web Files\Upload Files\eicarcom2.zip/eicar_com.zip/eicar.com -> Not-A-Virus.Eicar.TestFile : Ignored
C:\Documents and Settings\Jim Coates\My Documents\Laridian Web Files\Upload Files\eicar_com.zip/eicar.com -> Not-A-Virus.Eicar.TestFile : Ignored
C:\eicar_com.zip/eicar.com -> Not-A-Virus.Eicar.TestFile : Ignored
:mozilla.6:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jim Coates\Application Data\Phoenix\Profiles\default\m4tlos53.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3E6186A6-FBDA-4B5B-B26B-FB10B6\2A96CF8E-F96C-4815-B4FA-D3CAB7 -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3E6186A6-FBDA-4B5B-B26B-FB10B6\422B55E1-B039-484B-A1EF-8C7056 -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3E6186A6-FBDA-4B5B-B26B-FB10B6\F8B6E08B-EBBB-464D-B735-E21BEB -> Spyware.NavExcel : Cleaned with backup
C:\WINNT\system32\awvwv.dll -> TrojanDownloader.Small.bpk : Cleaned with backup
C:\WINNT\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End



Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 10:16:41 PM, on 10/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\CDProxyServ.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Installation Files\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jim Coates\Application Data\Mozilla\Profiles\default\wl6o5b98.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: bw+0 - {A70EC404-9061-4414-83DC-0C5FA02E8416} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINNT\CDProxyServ.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


Thanks!
Jim
  • 0

#4
greyknight17
Posted 05 October 2005 - 11:28 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, for those errors, what is detecting them? You said you see them in a log?

Try checking and fixing these in HijackThis to see if the problem goes away:

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • 0

#5
Jayco
Posted 05 October 2005 - 12:02 PM

Jayco

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I found what was causing some of the issues... my new ATi card had an issue with its catalyst component (the control panel).. I removed that and 80% of my remaining errors went away.

I'm seeing the errors in the event log of Win2000.

The only two remaining have to do with the SSScsiSV portion of Sony's SonicStage (which I do have an use). Would you still recommend getting rid of it in Hijack This!?


Thanks
Jim

Edited by Jayco, 05 October 2005 - 12:03 PM.

  • 0

#6
greyknight17
Posted 05 October 2005 - 01:46 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yes, fix them or if you want, disable them manually in the services.msc window (Start->Run and type in services.msc and hit ok).

Any other problems now?
  • 0

#7
Jayco
Posted 05 October 2005 - 01:50 PM

Jayco

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The only other problem is one that I'm not sure is related... my scaner (HP 6200C) sometimes just disappears from the device manager and reappears as an "unknown device"

Otherwise it looks good (as long as the logs look good to you)

Thanks!
Jim
  • 0

#8
greyknight17
Posted 05 October 2005 - 02:57 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The scanner problem could be something related to the drivers. Try removing the drivers, restart and then reinstalling them.

If you still have problems with it, ask this in the Hardware forum and someone should help you there.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP