Computer is infested, I have tried everything :( [CLOSED]


#1
infliktah

Member

After reformatting, I've had a slew of problems from day one, most being resolved with Ad-Aware SE and things, but upon coming to this website and checking the forums for information, I have downloaded many other programs such as HJT, Trojan Hunter, Ewido, Spybot. However, lately my computer has literally gone haywire, and it's nothing but a big lag. I can't even open up IE anymore; it shows that it has "encountered a problem, and must close". Please help, here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:51 PM, on 2/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wmsmgs.exe
C:\WINDOWS\System32\yahootray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\krnl386.exe
C:\WINDOWS\services.exe
C:\WINDOWS\winlog.exe
C:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
c:\igg5l.exe
C:\WINDOWS\QnJhbmRvbg\command.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Documents and Settings\Brandon1\Desktop\apps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ursqn.dll
O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\System32\wvwwu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [internet service] wmsmgs.exe
O4 - HKLM\..\Run: [Yahoo IM Service] yahootray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\insp.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKLM\..\RunServices: [Microsoft Intranet Explorer] msupdate.exe
O4 - HKLM\..\RunServices: [Yahoo IM Service] yahootray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D26235C-B977-4564-8514-B22928DA66CE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB044F9-39C8-4576-925F-A2BBC7895333}: NameServer = 206.47.244.61 206.47.244.103
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\kddcz.dll
O20 - Winlogon Notify: ursqn - C:\WINDOWS\SYSTEM32\ursqn.dll
O20 - Winlogon Notify: wvwwu - C:\WINDOWS\System32\wvwwu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJhbmRvbg\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe (file missing)
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe


#2
MasterJ

Visiting Staff

Welcome to GeeksToGo infliktah

My name is MasterJ and I will be helping you with your problem.

I am currently reviewing your log and will post a fix shortly.

#3
infliktah

Member, Topic Starter

Sounds good, I'm so frustrated *tear* I appreciate your help, I hope it's nothing serious.

#4
MasterJ

Visiting Staff

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
MasterJ :tazz:

#5
infliktah

Member, Topic Starter

God, that took me way longer than it should have; maybe you have an idea of how painstakingly slow my computer is being :tazz: Anyways, here's what you asked for:

VundoFix V4.2.16
Scan started at 12:42:36 AM 2/2/2006

Listing files found while scanning....

C:\WINDOWS\System32\rqrqp.dll
C:\WINDOWS\System32\pqrqr.ini
C:\WINDOWS\System32\pqrqr.bak1
C:\WINDOWS\System32\pqrqr.bak2
C:\WINDOWS\System32\khhhi.dll

C:\WINDOWS\system32\pqrqr.bak1
C:\WINDOWS\system32\pqrqr.bak2
C:\WINDOWS\system32\pqrqr.ini
C:\WINDOWS\system32\rqrqp.dll
Attempting to delete C:\WINDOWS\System32\rqrqp.dll
C:\WINDOWS\System32\rqrqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\pqrqr.ini
C:\WINDOWS\System32\pqrqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\pqrqr.bak1
C:\WINDOWS\System32\pqrqr.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\pqrqr.bak2
C:\WINDOWS\System32\pqrqr.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\khhhi.dll
C:\WINDOWS\System32\khhhi.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.0

Listing files found while scanning....


C:\WINDOWS\system32\uwwvw.bak1
C:\WINDOWS\system32\uwwvw.bak2
C:\WINDOWS\system32\uwwvw.tmp
C:\WINDOWS\system32\uwwvw.ini
C:\WINDOWS\system32\uwwvw.ini2
C:\WINDOWS\system32\wvwwu.dll
Attempting to delete C:\WINDOWS\system32\uwwvw.bak1
C:\WINDOWS\system32\uwwvw.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwwvw.bak2
C:\WINDOWS\system32\uwwvw.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwwvw.tmp
C:\WINDOWS\system32\uwwvw.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwwvw.ini
C:\WINDOWS\system32\uwwvw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwwvw.ini2
C:\WINDOWS\system32\uwwvw.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvwwu.dll
C:\WINDOWS\system32\wvwwu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

#6
MasterJ

Visiting Staff

Vundo causes that major computer lag. I used to have it too. Would you post a new Hijackthis log?

#7
infliktah

Member, Topic Starter

Logfile of HijackThis v1.99.1
Scan saved at 10:42:10 PM, on 2/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wmsmgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\QnJhbmRvbg\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\krnl386.exe
C:\WINDOWS\services.exe
C:\WINDOWS\winlog.exe
C:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
C:\WINDOWS\nav32.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Brandon1\Desktop\apps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ursqn.dll
O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\System32\wvwwu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [internet service] wmsmgs.exe
O4 - HKLM\..\Run: [Yahoo IM Service] yahootray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\insp.exe
O4 - HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\igg5l.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKLM\..\RunServices: [Microsoft Intranet Explorer] msupdate.exe
O4 - HKLM\..\RunServices: [Yahoo IM Service] yahootray.exe
O4 - HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\insp.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D26235C-B977-4564-8514-B22928DA66CE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB044F9-39C8-4576-925F-A2BBC7895333}: NameServer = 206.47.244.61 206.47.244.103
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ursqn - C:\WINDOWS\SYSTEM32\ursqn.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\kddcz.dll
O20 - Winlogon Notify: wvwwu - C:\WINDOWS\System32\wvwwu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJhbmRvbg\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe

It gets worse too: in order to run HJT, or to even use Task Manager, I had to use a nifty program I have (Process Explorer XP) to kill the processes "winocx" and one other randomly named suspicious one...
  • 0
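
Comparing the two HijackThis logs posted so far entry by entry shows which autostart items appeared or changed between the scans. The following is an added example, not part of the original thread: a small Python parser run over an excerpt of lines copied from the 8:37 PM and 10:42 PM logs; the function names, the report categories and the choice of sections (O4, O20, O23) are assumptions of this sketch.

```python
import re

# Constructed excerpts: lines copied from the 8:37 PM and 10:42 PM logs above.
LOG_EARLIER = r"""
O4 - HKLM\..\Run: [internet service] wmsmgs.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\insp.exe
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\kddcz.dll
O20 - Winlogon Notify: ursqn - C:\WINDOWS\SYSTEM32\ursqn.dll
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe
"""

LOG_LATER = r"""
O4 - HKLM\..\Run: [internet service] wmsmgs.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\insp.exe
O4 - HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\igg5l.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\insp.exe
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O20 - Winlogon Notify: ursqn - C:\WINDOWS\SYSTEM32\ursqn.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\kddcz.dll
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe
"""

# Line shapes for the three autostart sections compared here (an assumption of
# this sketch; every other HijackThis section is skipped).
PATTERNS = {
    "O4": re.compile(
        r"^(?P<where>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>.*?)\] (?P<target>.+)$"),
    "O20": re.compile(
        r"^(?P<where>Winlogon Notify): (?P<name>.*?) - (?P<target>.+)$"),
    "O23": re.compile(
        r"^(?P<where>Service): (?P<name>.*?) - .*? - (?P<target>[A-Za-z]:\\.+)$"),
}
MISSING = " (file missing)"


def parse(log_text):
    """Return {(section, where, name): (lowercased target, file_missing)}."""
    entries = {}
    for line in log_text.splitlines():
        section, sep, rest = line.strip().partition(" - ")
        pattern = PATTERNS.get(section)
        match = pattern.match(rest) if pattern and sep else None
        if not match:
            continue  # header lines, process list, sections not modelled here
        target = match["target"]
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)]
        # Windows paths are case-insensitive, so compare them lowercased.
        entries[(section, match["where"], match["name"])] = (target.lower(), missing)
    return entries


def diff_logs(earlier, later):
    """Compare two logs and report how the autostart entries changed."""
    old, new = parse(earlier), parse(later)
    # Index old entries by place and target so a changed entry name is noticed.
    old_by_target = {(k[0], k[1], v[0]): k for k, v in old.items()}
    report = {"added": [], "renamed": [], "file_restored": [], "removed": []}
    for key, (target, missing) in new.items():
        previous = old_by_target.get((key[0], key[1], target))
        if key in old:
            # Same entry in both logs: flag a file that was missing and is back.
            if old[key][1] and not missing:
                report["file_restored"].append((key, target))
        elif previous is not None and previous not in new:
            # Same file in the same place, registered under a different name.
            report["renamed"].append((previous, key, target))
        else:
            report["added"].append((key, target))
    renamed_from = {old_key for old_key, _, _ in report["renamed"]}
    report["removed"] = [k for k in old if k not in new and k not in renamed_from]
    return report


if __name__ == "__main__":
    for kind, items in diff_logs(LOG_EARLIER, LOG_LATER).items():
        for item in items:
            print(kind, item)
```

On these excerpts the report lists three new startup entries, the kddcz.dll Winlogon Notify entry registered under a new name, and nav32.exe present again after being "(file missing)" in the earlier log.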

#8
infliktah

Member, Topic Starter

I'm here (Tuesday). When you are here, MasterJ, please PM me or post... I desperately need help *tear*

#9
MasterJ

Visiting Staff

You have quite a few infections. Let's try to clear them up.

Please print out these instructions for reference later on.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close Ewido.

Now restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

Reboot into normal mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report and post a new HijackThis log, the Ewido log, and the entire contents of the log.txt file in the aproposfix folder.

MasterJ :tazz:

Edited by MasterJ, 21 February 2006 - 04:32 PM.


#10
infliktah

Member, Topic Starter

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Brandon1\Desktop\apps\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 7:25:46 PM, on 2/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\krnl386.exe
C:\WINDOWS\services.exe
C:\WINDOWS\winlog.exe
C:\Documents and Settings\Brandon1\Desktop\apps\procexp.exe
C:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
c:\igy5l.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Brandon1\Desktop\apps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ursqn.dll
O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\System32\wvwwu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [internet service] wmsmgs.exe
O4 - HKLM\..\Run: [Yahoo IM Service] yahootray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\igg5l.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] c:\insp.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKLM\..\RunServices: [Microsoft Intranet Explorer] msupdate.exe
O4 - HKLM\..\RunServices: [Yahoo IM Service] yahootray.exe
O4 - HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] c:\insp.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D26235C-B977-4564-8514-B22928DA66CE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB044F9-39C8-4576-925F-A2BBC7895333}: NameServer = 206.47.244.61 206.47.244.103
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\h44m0eh1eh4.dll
O20 - Winlogon Notify: ursqn - C:\WINDOWS\SYSTEM32\ursqn.dll
O20 - Winlogon Notify: wvwwu - C:\WINDOWS\System32\wvwwu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJhbmRvbg\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe (file missing)
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe

Also, important note: in order to run HJT, I had to delete the following suspicious processes: "Winocx (sub process insp.exe), Yahootray.exe (I don't have Yahoo), krnl386.exe, winlog.exe". Also, I noticed during certain error messages, the process "gotya.exe" popped up under my process list in Process Explorer... now, I'm no expert, however I'm pretty sure that isn't a good process :tazz:


#11
MasterJ

Visiting Staff

Please post the panda activescan log and the Ewido log.

MasterJ

#12
infliktah

Member, Topic Starter

I cannot get Panda ActiveScan to work, and my computer is being SO slow, I cannot get ewido to finish its scan... it would probably take overnight to finish its scan

#13
MasterJ

Visiting Staff

Okay. We'll try some other stuff first. Let me review your recent log.

#14
MasterJ

Visiting Staff

Welcome back. You have quite a few infections so let's get to work.

Please zip the following files and email them to submit AT atribune.org:

C:\WINDOWS\SYSTEM32\ursqn.dll
C:\WINDOWS\System32\wvwwu.dll


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Please copy the following text in the box to Notepad. Save it as "All Files" and name it Fixservice.bat. Save it on your desktop.

rem Stop, then delete, each service; names containing spaces must be quoted for sc
sc stop cmdService
sc delete cmdService
sc stop ServiceHost
sc delete ServiceHost
sc stop "windows antivirus"
sc delete "windows antivirus"
sc stop "windows kernel"
sc delete "windows kernel"
sc stop "Windows Update Service"
sc delete "Windows Update Service"
sc stop winlog
sc delete winlog
exit

Double click Fixservice.bat. A window will open and close. This is normal.

Warez comes bundled with spyware and we recommend its removal. See more here. If you wish to keep it, ignore Green Instructions.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [internet service] wmsmgs.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\insp.exe
O4 - HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\igg5l.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKLM\..\RunServices: [Microsoft Intranet Explorer] msupdate.exe
O4 - HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\insp.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 - HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJhbmRvbg\command.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis and reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now click on the Start Menu and select Control Panel. A folder should appear. Now open Add/Remove Programs.
Please remove these entries from Add/Remove Programs (if present):

Warez

Please note any other programs that you don't recognize in that list in your next response.

Now right click on the Start Menu and select Explore.
Please delete these folders using Windows Explorer (if present):

C:\Program Files\Warez P2P Client
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\yopyak.exe
    C:\igg5l.exe
    C:\insp.exe
    C:\WINDOWS\QnJhbmRvbg\command.exe
    C:\WINDOWS\shost.exe
    C:\WINDOWS\nav32.exe
    C:\WINDOWS\krnl386.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\winlog.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please delete these files using Windows Explorer (if present):

av32.pif <------You will need to click Start Menu > Search to find this file and delete it.
wmsmgs.exe <------You will need to click Start Menu > Search to find this file and delete it.
msupdate.exe <------You will need to click Start Menu > Search to find this file and delete it.
winocx.exe <------You will need to click Start Menu > Search to find this file and delete it.

After that, Reboot.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\nvcr32.exe
  • Click on the submit button
  • Please submit this file too:

    yahootray.exe <-------You will need to search for it to find its file path

  • Please post the results in your next reply.
Please post a new HijackThis log along with the scan results for the two files.

MasterJ :tazz:
  • 0
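The fix list in the post above reflects a few recurring patterns in the O4 and O23 lines: a core Windows process name in the wrong folder, an "Unknown owner" service binary sitting directly in C:\WINDOWS, an executable in the drive root, and an autorun entry with no path. The sketch below is an added example, not part of any post in this thread and not a HijackThis feature; the heuristics, the `SYSTEM_HOMES` table and the function names are assumptions of the example, and a hit means "look closer", not "malicious".

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Assumption of this example: default Windows XP homes of core processes.
SYSTEM_HOMES = dict.fromkeys(
    ["services.exe", "winlogon.exe", "lsass.exe", "svchost.exe"], r"c:\windows\system32")
SYSTEM_HOMES["explorer.exe"] = r"c:\windows"
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?\.exe)", re.I)
O4 = re.compile(r"^O4 - \S+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def image_of(cmd):
    """Return the executable part of a Run-key command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|pif|com|scr|bat))\b", cmd, re.I)
    return m.group(1) if m else cmd

def triage(line):
    """Return the reasons (possibly none) a log line deserves a closer look."""
    m23, m4 = O23.match(line), O4.match(line)
    if m23:
        path, unknown = m23["path"], m23["owner"].lower() == "unknown owner"
    elif m4:
        path, unknown = image_of(m4["cmd"]), False
    else:
        return []
    folder, exe = normcase(dirname(path)), basename(path).lower()
    reasons = []
    if folder and exe in SYSTEM_HOMES and folder != SYSTEM_HOMES[exe]:
        reasons.append("system process name outside its usual folder")
    if unknown and folder == r"c:\windows":
        reasons.append("unknown-owner service binary directly in C:\\WINDOWS")
    if folder == "c:\\":
        reasons.append("executable in the drive root")
    if m4 and not folder:
        reasons.append("autorun entry without a full path")
    return reasons

# Copied from the logs in this thread: two entries on the fix list, two not on it.
SAMPLE = [
    r"O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe",
    r"O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\insp.exe",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background',
]

def scan(lines):
    return {l: r for l in lines if (r := triage(l))}
```

Entries such as C:\WINDOWS\QnJhbmRvbg\command.exe match none of these rules, so a script like this narrows a log for a human reviewer and does not replace one.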

#15
infliktah

infliktah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:41:24 PM, on 2/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\yahootray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\spoolsc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\winlog.exe
C:\Documents and Settings\Brandon1\Desktop\apps\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Yahoo IM Service] yahootray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\RunServices: [Yahoo IM Service] yahootray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D26235C-B977-4564-8514-B22928DA66CE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB044F9-39C8-4576-925F-A2BBC7895333}: NameServer = 206.47.244.61 206.47.244.103
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\l46o0ej3eho.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SSMC (SpoolSvcw) - Unknown owner - C:\WINDOWS\spoolsc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe (file missing)
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe (file missing)
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe
  • 0





