Thread ID: 69889 2006-06-15 12:25:00 Doh! Spyware quake again ..... Help Please mi2dear (10556) Press F1
Post ID Timestamp Content User
463368 2006-06-15 12:25:00 Speedy, Surfer joe, Pancake please help.
PC got infected with Spyware quake (similar to sick puppy's problem but I see that my log file is different from sick puppy). Do I follow the same procedure or is there any change to it?

The log file :...........
Logfile of HijackThis v1.99.1
Scan saved at 11:11:32 PM, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sana Security\Attack Shield\AttackShieldAgent.exe
C:\windows\system32\sncntr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sana Security\Attack Shield\AttackShield.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Opera7\opera.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpede.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4rq13khl.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Cash4Action Bar - {AFDF828B-490E-43c4-A92C-BCC6D482C770} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Attack Shield.lnk = C:\Program Files\Sana Security\Attack Shield\AttackShield.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Cash4Action Bar - {8584F7F8-479C-4c78-9AC1-EEB18D89A8CA} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O9 - Extra 'Tools' menuitem: Cash4Action Bar - {8584F7F8-479C-4c78-9AC1-EEB18D89A8CA} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - imgfarm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD31B142-F27B-45D6-8E38-7DEE5B45AA7D}: NameServer = 210.55.12.1 210.55.12.2
O18 - Protocol: bw+0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Attack Shield WS (AttackShield) - Unknown owner - C:\Program Files\Sana Security\Attack Shield\AttackShieldAgent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
mi2dear (10556)
463369 2006-06-15 16:28:00 Well...... Number one on the hit list is this:

:mad: You don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses.

Reasons why an anti-virus scanner MAY NOT BE DETECTED....

(1.) You are using the Windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled OR.....
(4.) You don't use any firewall at all. :mad:
Download and install one or activate Windows XP's own firewall.

Now on to the scan:

C:\windows\system32\sncntr.exe running process. (sncntr.exe)
Added as result of a Troj/Dluca-I trojan infection. This is a nasty process! You should fix it and try to delete it manually! Manually is the keyword here!
MOST TROJAN HUNTERS CANNOT CURE THIS BY THEMSELVES AND YOU WILL NEED SERIOUS TROJAN-REMOVER HELP ON THIS ONE.

C:\WINDOWS\system32\atmclk.exe Check with an antivirus scanner. ATMCLK.EXE is a process belonging to an advertising program. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately.

C:\WINDOWS\system32\dcomcfg.exe Check with an antivirus scanner. Process File: dcomcfg.exe Process Name: unknown trojan Description: dcomcfg.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Must be fixed!

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll related to this: HP Imaging Toolkit Toolbar Company : Hewlett-Packard Company Description : HP Imaging Toolkit Toolbar Threat Level (1-10) : 0 Processes : HPTOOLKT.DLL CLSID List : {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}, but has been spoofed in your case with a piggy-back trojan.

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Must be fixed!... see above reason ^

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe "My Web Search" malware usually from porno sites and adult-oriented media

O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm Added as result of a Troj/Dluca-I trojan infection

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - imgfarm.com Questionable if dangerous or not... the jury's out on this one yet.

O18 - Protocol: bwc0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
NOTE: you have multiple listings of this same spyware. They are part of a hijacker list. They are from: 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar)

O23 - Service: Attack Shield WS (AttackShield) - Unknown owner - C:\Program Files\Sana Security\Attack Shield\AttackShieldAgent.exe This is a pretty useless anti-spyware program that actually IS its own spyware which is not from Microsoft. Often malware is starting as a system service and it's not easy to detect it.
SurferJoe46 (51)
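The reply above flags the same file both as a running process and as a Run entry, and notes that the O18 lines repeat one handler. The following is an added example, not part of the original thread and not HijackThis's own code: it parses the log layout shown here, collapses entries that share a CLSID and file, and pairs each O4 Run entry with the running-process list. The function names and the cut-down sample log are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample: a cut-down log in HijackThis v1.99.1 layout, reusing
# a few entry lines from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\windows\system32\sncntr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O18 - Protocol: bw+0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R0 - ..."
CLSID_RE = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Executable part of a command line: quoted path, or text up to .exe/.com/.bat/.cmd
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd)))(?:\s|$)', re.I)


def parse_log(text):
    """Return (running_processes, entries) from a HijackThis text log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first section line ends the process list
            entry = {"section": m.group(1), "body": m.group(2),
                     "label": None, "clsid": None, "target": None}
            c = CLSID_RE.match(entry["body"])
            if c:
                entry.update(label=c.group(1), clsid=c.group(2).upper(),
                             target=c.group(3))
            entries.append(entry)
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def collapse_shared_handlers(entries):
    """Group entries that differ only in label but share section, CLSID and file."""
    groups = OrderedDict()
    for e in entries:
        if e["clsid"]:
            key = (e["section"], e["clsid"], e["target"].lower())
            groups.setdefault(key, []).append(e["label"])
    return [{"section": s, "clsid": c, "target": t, "labels": labels}
            for (s, c, t), labels in groups.items() if len(labels) > 1]


def autoruns_running(processes, entries):
    """For each O4 registry Run entry, report whether its image is running now."""
    running = {p.lower() for p in processes}
    out = []
    for e in entries:
        r = RUN_RE.match(e["body"]) if e["section"] == "O4" else None
        if not r:
            continue  # e.g. "Global Startup" shortcuts use a different shape
        img = IMAGE_RE.match(r.group(4).strip())
        image = (img.group(1) or img.group(2)).lower() if img else None
        out.append({"name": r.group(3), "image": image,
                    # a bare file name is resolved through the search path
                    "full_path": bool(image) and "\\" in image,
                    "running": image in running})
    return out


if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    for g in collapse_shared_handlers(entries):
        print(f'{g["section"]}: {len(g["labels"])} labels -> {g["clsid"]} {g["target"]}')
    for r in autoruns_running(procs, entries):
        print(f'{r["name"]:12} running={r["running"]} full_path={r["full_path"]} {r["image"]}')
```

Collapsing by CLSID and file turns the long O18 run into one line per handler DLL, which makes the remaining entries easier to read before deciding what to fix.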
463370 2006-06-16 02:25:00 Before we start working with your log, you are running Hijack This from a temporary location. If we leave it where it is, backups will not be saved, so let's move the file to its own folder in C:\Program Files. Remove your copy and download HijackThis (www.cyberanswers.org). It will create a directory folder for you in C:\Program Files

==============================================

Download SmitfraudFix (by S!Ri) to your Desktop.
siri.urz.free.fr
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive. This log you can close

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually.

The tool will create a second log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with your next reply and a new HJT log.

================================

Download smitRem.exe (noahdfear.geekstogo.com) and save the file to your desktop.
If you cannot access that link, here are alternate links:
smitRem.exe (www.downloads.subratam.org)
smitRem.exe (www.bleepingcomputer.com)
Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

** It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, right-click on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK

Please post back the rapport.txt, smitfiles.txt and a new HJT log.
Pancake (6359)
463371 2006-06-16 09:11:00 Hi Surfer Joe and pancake,
Your help is much appreciated. I have done as you have said and 3 log files have been created which I am posting now

HJT Logfile
Logfile of HijackThis v1.99.1
Scan saved at 8:01:53 PM, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sana Security\Attack Shield\AttackShieldAgent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Sana Security\Attack Shield\AttackShield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4rq13khl.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Cash4Action Bar - {AFDF828B-490E-43c4-A92C-BCC6D482C770} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Attack Shield.lnk = C:\Program Files\Sana Security\Attack Shield\AttackShield.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1 . dll/cmcache . html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1 . dll/cmsimilar . html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1 . dll/cmtrans . html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava . dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava . dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb . dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0819 . dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0819 . dll
O9 - Extra button: Cash4Action Bar - {8584F7F8-479C-4c78-9AC1-EEB18D89A8CA} - C:\Program Files\Internet Explorer\PLUGINS\cash4action . dll
O9 - Extra 'Tools' menuitem: Cash4Action Bar - {8584F7F8-479C-4c78-9AC1-EEB18D89A8CA} - C:\Program Files\Internet Explorer\PLUGINS\cash4action . dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer . dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O12 - Plugin for . spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox . dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - imgfarm.com
O18 - Protocol: bw+0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw+0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw-0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw-0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw00 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw00s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw10 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw10s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw20 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw20s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw30 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw30s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw40 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw40s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw50 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw50s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw60 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw60s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw70 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw70s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw80 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw80s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw90 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bw90s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwa0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwa0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwb0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwb0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwc0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwc0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwd0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwd0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwe0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwe0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwf0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwf0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480 . dll
O18 - Protocol: bwg0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwg0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwh0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwh0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwi0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwi0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwj0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwj0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwk0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwk0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwl0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwl0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwm0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwm0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwn0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwn0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwo0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwo0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwp0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwp0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwq0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwq0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwr0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwr0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bws0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bws0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwt0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwt0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwu0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwu0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwv0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwv0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bww0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bww0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwx0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwx0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwy0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwy0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwz0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: bwz0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O18 - Protocol: offline-8876480 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480 . dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Attack Shield WS (AttackShield) - Unknown owner - C:\Program Files\Sana Security\Attack Shield\AttackShieldAgent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




rapport log file

SmitFraudFix v2.61

Scan done at 19:31:23.93, Fri 16/06/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\dxole32.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ofcukiz.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\Owner\STARTM~1\Programs\PestTrap Deleted
C:\Program Files\PestTrap\ Deleted
C:\Program Files\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

smitfiles log

Smitfiles log


smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 16/06/2006
The current time is: 19:54:53.00

Running from
C:\Documents and Settings\Owner\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 716 'explorer.exe'
Killing PID 716 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)


Thanks once again. Hey, also let me know any good antivirus/firewalls. Is PC-cillin any good?
How do I turn the Windows XP firewall on....
mi2dear (10556)
463372 2006-06-16 09:50:00 XP's firewall isn't that good, as it only blocks incoming, not outgoing, traffic.

I would also update Opera to Opera 8.54 (www.opera.com), which is the latest release version.

Although there are beta versions of Opera 9 now (my.opera.com).

BUT, this is still a bit buggy.
Speedy Gonzales (78)
463373 2006-06-16 09:54:00 Run HJT and fix this item and delete the (red) file and you should then be all done.

O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe



C:\WINDOWS\system32\usb.exe



I don't know much about AttackShield, so I will leave that up to you.
Pancake (6359)
463374 2006-06-16 10:44:00 Hi guys,

Here is the latest HJT log file.

Please tell me my PC is clean...

I have removed Attack Shield as well. Please tell me of some good antivirus...

Logfile of HijackThis v1.99.1
Scan saved at 9:36:14 PM, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4rq13khl.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Cash4Action Bar - {AFDF828B-490E-43c4-A92C-BCC6D482C770} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Cash4Action Bar - {8584F7F8-479C-4c78-9AC1-EEB18D89A8CA} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O9 - Extra 'Tools' menuitem: Cash4Action Bar - {8584F7F8-479C-4c78-9AC1-EEB18D89A8CA} - C:\Program Files\Internet Explorer\PLUGINS\cash4action.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - imgfarm.com
O18 - Protocol: bw+0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
mi2dear (10556)
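One way to triage a log like the one posted above, as an added example that is not part of the original thread: it parses HijackThis entry lines and collapses the long run of O18 protocol lines to one record per CLSID and DLL, so a reviewer sees how many distinct handlers are registered. The function names are this example's own, and the sample is a handful of lines copied from the log above.

```python
import re
from collections import defaultdict

# A few lines copied from the log in the post above (not the full log).
SAMPLE = r"""
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - imgfarm.com
O18 - Protocol: bw+0 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {498B875F-FC08-4E39-B5E0-B5EAE6986E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
"""

# Entry lines start with a section code such as O9, O18 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
PROTOCOL = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")


def parse(log):
    """Return (section code, remainder) for each entry line; skip everything else."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["rest"]))
    return entries


def section_counts(entries):
    """Count entries per section code."""
    counts = defaultdict(int)
    for code, _ in entries:
        counts[code] += 1
    return dict(counts)


def group_protocols(entries):
    """Collapse O18 lines to one record per (CLSID, DLL path) with its protocol names."""
    groups = defaultdict(list)
    for code, rest in entries:
        m = PROTOCOL.match(rest) if code == "O18" else None
        if m:
            groups[(m["clsid"].upper(), m["path"])].append(m["name"])
    return dict(groups)


if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(section_counts(entries))
    for (clsid, dll), names in group_protocols(entries).items():
        print(f"{len(names):3d} protocol name(s) -> {dll} {clsid}")
```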
463375 2006-06-16 11:04:00 Can't help with your hijack log, but can tell you to use the Netguide or PC World mag, and at least install AVG anti virus, and Zone Alarm. They will be better than nothing, until you decide what is the better anti virus and firewalls to use. I tell you to use those, as they are free, both of them, and are usually found in either publication, and you don't have to come back on line unprotected to download them.

Good luck but get at least those programs up and running quick.
supergran (108)
463376 2006-06-16 11:55:00 Well done. All bugs gone......

If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure..

If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:

Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.


Now that you are clean, it's now a good time to flush out your restored files.

To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

How Do I Protect My Computer Against Future Malware Now I'm Clean.

NOTE: You may have already taken some of these steps.

Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches. How to update your Windows operating system (http://www.windowsupdate.com/)

Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.

Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).

Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:

Open Internet Explorer. Go to Tools > Internet Options…
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.

Some Recommended Protection Programs

Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, it's recommended that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!

Some available programs are:

Ad-Aware (http://www.lavasoft.com/)
SpyBot Search & Destroy (www.safer-networking.org/en/index.html)

Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster (www.javacoolsoftware.com/spywareblaster.html) to help prevent spyware from installing.
SpywareGuard (www.javacoolsoftware.com/spywareguard.html) to catch and block spyware.
IESpy-Ad (www.aumha.org/secure.htm) to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol (http://www.winpatrol.com/) to monitor any changes that programs make to the registry.

If you do not have a firewall, here is a free one for personal use:

ZoneAlarm (http://www.zonelabs.com/)
www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?dc=12bms&ctry=US&lang=en&lid=ho_za



Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:

www.spywarewarrior.com/rogue_anti-spyware.htm

If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:

www.spywarewarrior.com/asw-test-guide.htm

Here is a helpful article:
"So how did I get infected in the first place?"
computercops.biz/postlite7736-.html

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
Pancake (6359)
463377 2006-06-16 12:27:00 Hi Pancake,

You are a genius. Cheers:

I have downloaded and installed spywareblaster, IE Spyad, Zone alarm (downloading at the moment) and AVG anti virus.

One last thing. During the start of this journey of disinfecting the PC I downloaded spyware doctor. When I scan the system with this, it still shows that some files are infected and there is still spyware quake on the PC.... Does this make any sense? Please advise
mi2dear (10556)