IEatHardDrives Posted September 20, 2005 Report Share Posted September 20, 2005 Logfile of HijackThis v1.99.1Scan saved at 12:54:07 PM, on 9/20/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\dmadmin.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Media Access\MediaAccK.exeC:\WINDOWS\etb\pokapoka69.exeC:\Program Files\Media Access\MediaAccess.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\WINDOWS\SYSTEM32\osk.exeC:\WINDOWS\SYSTEM32\MSSWCHX.EXEC:\Program Files\Winamp\Winamp.exeC:\Program Files\Valve\Steam\Steam.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exeC:\DOCUMENTS AND SETTINGS\JUSTIN PARKER\DESKTOP\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exeO4 - HKLM\..\Run: [system service69] C:\WINDOWS\etb\pokapoka69.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserverO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = JAPO18 - Protocol: bw+0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
didom Posted September 20, 2005 Report Share Posted September 20, 2005 (edited) If you are not using Logitech Desktop Manager, please uninstall it:Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:Logitech Desktop ManagerThen reboot your computer----------------------------------------------Download LQfix.exe and place it on your desktop.Doubleclick LQfix.exe and click install.Leave the default settings. If you change them, the fix will fail.Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.Follow the prompts on the screen.Your system will reboot afterwards.Please be patient after reboot, because there is a script running in the background.Then reboot once more and post a fresh HijackThis log Edited September 20, 2005 by didom Link to post Share on other sites
IEatHardDrives Posted September 21, 2005 Author Report Share Posted September 21, 2005 I need the Desktop Manager and I could not get that LQFix to work.Logfile of HijackThis v1.99.1Scan saved at 10:33:20 AM, on 9/21/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\etb\pokapoka69.exeC:\WINDOWS\system32\OSK.exeC:\WINDOWS\system32\MSSWCHX.EXEC:\WINDOWS\system32\devldr32.exeC:\HijackThis.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [system service69] C:\WINDOWS\etb\pokapoka69.exeO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = JAPO18 - Protocol: bw+0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
didom Posted September 21, 2005 Report Share Posted September 21, 2005 I could not get that LQFix to work.What went wrong?Please try this:Please download miekiemoes' LQfix batch here:http://users.telenet.be/bluepatchy/miekiem...tools/LQfix.zipUnzip it to the desktop but do NOT run it yet.Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.For additional help in booting into Safe Mode, see the following site:http://www.pchell.com/support/safemode.shtmlOnce in Safe Mode, please run LQfix.bat. When finished, restart your computer in normal mode and please post a new HijackThis log. Link to post Share on other sites
IEatHardDrives Posted September 21, 2005 Author Report Share Posted September 21, 2005 Logfile of HijackThis v1.99.1Scan saved at 1:33:14 PM, on 9/21/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\OSK.exeC:\WINDOWS\system32\MSSWCHX.EXEC:\WINDOWS\system32\devldr32.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\HijackThis.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = JAPO18 - Protocol: bw+0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
didom Posted September 21, 2005 Report Share Posted September 21, 2005 (edited) Scan again with HijackThis and check the following items:O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exeAfter checking these items, close all browser windows except HijackThis and click "Fix checked".Make sure all hidden files and folders are visible (Instructions )Reboot your computer into safe mode (Instructions) Find and delete these files and folders (if they are still there):C:\Program Files\Media Access <= this folderReboot your computer back into normal mode.Your log shows that you have disabled some startup programs using MSConfig.This is not recommended because I cannot clearly see everything that is loading on your computer at startup.To enable all startup items quickly please follow these instructions:Start | Run | type msconfig | OKIf not already selected go to the General tab.Under Startup Selection select "Normal Startup - load all device drivers and services".Click Apply and then Close.When given the option, please choose to restart the computer.Post a new log when you are done. Edited September 21, 2005 by didom Link to post Share on other sites
IEatHardDrives Posted September 22, 2005 Author Report Share Posted September 22, 2005 I think Media Access is goneLogfile of HijackThis v1.99.1Scan saved at 9:23:25 PM, on 9/21/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\OSK.exeC:\WINDOWS\system32\MSSWCHX.EXEC:\WINDOWS\system32\devldr32.exeC:\Program Files\Valve\Steam\Steam.exeC:\HijackThis.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = JAPO18 - Protocol: bw+0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {13887F1A-77E3-48CE-A2C2-DF0A3859B7A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
didom Posted September 22, 2005 Report Share Posted September 22, 2005 Run Panda's online virus scan and perform a full system scan: Panda ActiveScanSave the scan log and post it along with a new HijackThis Log in your next reply. Link to post Share on other sites
IEatHardDrives Posted September 22, 2005 Author Report Share Posted September 22, 2005 Ok it found 5 Viruses it deleted them 1 hacker tool I deleted it and 8 spyware programs.Logfile of HijackThis v1.99.1Scan saved at 12:01:00 PM, on 9/22/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\devldr32.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\WINDOWS\SYSTEM32\osk.exeC:\WINDOWS\SYSTEM32\MSSWCHX.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\HijackThis.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = JAPO23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
didom Posted September 22, 2005 Report Share Posted September 22, 2005 Please run the scan again and post the log.... Link to post Share on other sites
IEatHardDrives Posted September 22, 2005 Author Report Share Posted September 22, 2005 Logfile of HijackThis v1.99.1Scan saved at 12:54:31 PM, on 9/22/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\OSK.exeC:\WINDOWS\system32\MSSWCHX.EXEC:\WINDOWS\system32\devldr32.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\HijackThis.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JAPO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = JAPO23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
didom Posted September 22, 2005 Report Share Posted September 22, 2005 I mean the scanlog from panda, not a fresh HijackThis log... Link to post Share on other sites
IEatHardDrives Posted September 22, 2005 Author Report Share Posted September 22, 2005 LOL sry I dont have it but I checked it and deleted the spyware and the hacker tool and the 5 viruses where deleted. Link to post Share on other sites
didom Posted September 22, 2005 Report Share Posted September 22, 2005 Ok, your HijackThis log is also clean....This log looks clean!Don't forget to re-hide all files and folders. To re-hide all files and folders: Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading deselect "Show hidden files and folders". Check the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.[*]This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. Please post back if you are still having any problems.... Link to post Share on other sites
IEatHardDrives Posted September 22, 2005 Author Report Share Posted September 22, 2005 TY. Link to post Share on other sites
didom Posted September 22, 2005 Report Share Posted September 22, 2005 YW Link to post Share on other sites
Recommended Posts