Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winfixer popups

Started by avh , Dec 02 2005 08:58 AM

  • Please log in to reply

#1
avh
Posted 02 December 2005 - 08:58 AM

avh

    New Member

  • Member
  • Pip
  • 2 posts
I have run your suggested programs. Still have issues with winfixer poping up. Attatched is my vundofix.txt and hijackthis.log files.
I looked at a similar post but your sugested files to remove ie... 02 - BHO .. were different and Im unsure as to which I should remove. The ActiveScan also came back with 0 problems ? HELP... this is driving me crazy... thanks in advance.AVH.

Logfile of HijackThis v1.99.1
Scan saved at 4:03:44 PM, on 11/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LVComsX.exe
C:\WINNT\system32\ctfmon.exe
D:\DOCUME~1\ANDREW~1.HOO\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BearingPoint
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://beproxy.corp....gpoint.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINNT\system32\rqrqp.dll
O2 - BHO: BEBHO.clsBEBHO - {E9E7EA0F-8D28-46D1-BCAD-B0843D4A4B4B} - C:\WINNT\system32\BEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PwrMngSvc] c:\Winnt\System32\PwrMngSvc.exe
O4 - HKLM\..\Run: [Outlook Security ] wscript.exe "C:\Program Files\BearingPoint\Global Desktop\Utilities\Outlook Security Tool.vbs"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NpsMan] C:\WINNT\system32\NPSMan.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BearingPoint TV] "D:\Program Files\BETV\7398437\Program\BearingPoint TV.exe" -startup
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: BearingPoint TV.lnk = D:\Program Files\BETV\7398437\Program\BearingPoint TV.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Visio\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124131309821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124135293617
O16 - DPF: {89A9F739-8F34-40E1-BCD3-62BABEAD3C6F} (MSN Money QuickList) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://be.webex.com...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.kpmgconsulting.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.kpmgconsulting.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.kpmgconsulting.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.kpmgconsulting.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = corp.kpmgconsulting.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.kpmgconsulting.com
O18 - Protocol: bw+0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AA0DB7FD-9517-4BDA-B0C6-CACEC5D4D89F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: rqrqp - C:\WINNT\system32\rqrqp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: IgniteService - Unknown owner - D:\Program Files\BETV\7398437\Program\IgniteService.exe" -Service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Power Management Service (PowManSvc) - NPS software - C:\WINNT\system32\PowManSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Security maintenance service - BearingPoint - Global - C:\WINNT\system32\SecMaint.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware GSX Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware GSX Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - Unknown owner - C:\WINNT\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe


I have run your suggested programs. Still have issues with winfixer poping up. Attatched is my vundofix.txt and hijackthis.log files.
I looked at a similar post but your sugested files to remove ie... 02 - BHO .. were different and Im unsure as to which I should remove. The ActiveScan also came back with 0 problems ? HELP... this is driving me crazy... thanks in advance.AVH.



VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\systems32\vtsqo.dll

The second filepath entered was c:\Windows\system32\opstv.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 204 'smss.exe'

Killing PID 1924 'explorer.exe'
Killing PID 1924 'explorer.exe'
Error 0x5 : Access is denied.



Killing PID 224 'winlogon.exe'
Killing PID 224 'winlogon.exe'
Error 0x5 : Access is denied.

--------------------------------------------------------------------------------------

C:\WINDOWS\systems32\vtsqo.dll Deleted sucessfully.
c:\Windows\system32\opstv.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP