Full Version: spyware/adware
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
gladtaka
Hello everyone,

I have been trying to remove this spyware and have not had any success. Whenever I go online, the "default" web page is now www.syserrors.com. I'm getting bombarded with pop ups and it's very annoying. I've used Microsoft software beta and AVG anti-virus but it's still there. Any advice would be much appreciated.

Thanks!
Autodad
Hi gladtaka,

Let's have a look at a HijackThis Log.

If you don't already have HijackThis, download it from http://www.spywareinfo.com/~merijn/files/HijackThis.exe and create a log.

Save HijackThis to a folder other than your Desktop or the Temp folder.

Save it in a Permanent folder.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Run the program, and press "Do a system scan and save a logfile".
After HJT runs, the log will show (notepad will open).
After notepad opens, click Edit -> Select All, then Edit -> Copy.
Then paste that log onto this topic.

DO NOT Delete or modify anything yet, as some of it is needed to keep your system in Good Shape.

Follow this link http://home.planet.nl/~kleyn080/hijackthisexplanation.html if you need help.
gladtaka
Hello Autodad,

I did as you suggested and here's what I got:

Logfile of HijackThis v1.99.1
Scan saved at 4:49:41 PM, on 11/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hpD688.tmp
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: EnabCDPT.lnk = C:\Program Files\QI\DVD Player\EnabCDPT.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...40%3A%3A454x107
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: bw+0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe


Please let me know what I need to do next.

Thanks,
gladtaka
Autodad
Hi gladtaka,

You have a few different infections, so this will take a few tries to clean.
Not having your Windows up-to-date is one of the reasons that you have so many infections showing.
More on that later...


There appears to be some CoolWeb infection. Please download the latest version of CWShredder here: CWShredder.exe
Run it, check it for any updates, then click "Fix" (not Scan only) and let it fix all the variants it finds.
Then Reboot.
_ _ _ _

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download, install, and update the free version of Ewido Security Suite:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes, the status bar at the bottom will display "Update successful"
  5. Exit Ewido. DO NOT run a scan yet.

If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Open Hijackthis, click Scan, then put a check next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/

O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hpD688.tmp

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...40%3A%3A454x107

All the O18 - Protocol: entries

Now Close all open Windows (have only HJT open) and click "Fix Checked".


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Next, run Ad-aware and perform a full scan. Remove everything found.

Now open Ewido Security Suite
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  • Close Ewido

Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.


Restart your computer in normal mode.

Run Panda's online virus scan and perform a full system scan. Make sure the Autoclean box is checked!

Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

More work will be needed.
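Added example, not part of this thread or of HijackThis itself: a small Python triage script that parses the R1/O2/O3/O4/O18 line formats shown in the log above and flags the kinds of entries Autodad asked to have fixed (hijacked IE search keys, a BHO loaded from a .tmp file, an orphaned toolbar, rundll32/RunServices startup entries, one CLSID registered for many custom protocols). The sample lines are copied from the posted log; the name list and the protocol-count threshold are assumptions for illustration only.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: lines copied from the log posted in this thread, plus
# the benign ProxyOverride, Google toolbar and AVG entries for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hpD688.tmp
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O18 - Protocol: bw+0 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0AC1AC8A-557D-4517-BB83-2DA2CAE4DE11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
R1_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
CLSID_RE = re.compile(r"^(?P<kind>BHO|Toolbar|Protocol): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

IE_SEARCH_KEYS = {"Search", "SearchURL", "SearchAssistant", "CustomizeSearch",
                  "Start Page", "Default_Page_URL"}
# Assumption: file names the helper singled out in this thread; not a general signature list.
THREAD_FLAGGED_NAMES = {"cmesys.exe", "gmt.exe", "image.dll"}
MANY_PROTOCOLS = 3  # assumption sized for the sample; the posted log had ~50 per CLSID


def parse_lines(text):
    """Yield (section, body, raw_line) for every line that looks like an HJT entry."""
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body"), raw.strip()


def triage(text):
    """Return a list of (section, reason, line) for entries a helper would review."""
    flags = []
    protocol_owners = Counter()  # CLSID -> number of custom protocols it handles
    for sec, body, raw in parse_lines(text):
        reason = None
        if sec == "R1":
            m = R1_RE.match(body)
            if m and m.group("name").strip() in IE_SEARCH_KEYS and m.group("value").startswith("http"):
                reason = f"IE search setting redirected to {urlparse(m.group('value')).hostname}"
        elif sec in ("O2", "O3", "O18"):
            m = CLSID_RE.match(body)
            if not m:
                continue
            path = m.group("path")
            if sec == "O2" and not path.lower().endswith((".dll", ".ocx")):
                reason = "BHO loaded from a non-DLL file: " + path.rsplit("\\", 1)[-1]
            elif sec == "O3" and path.endswith("(file missing)"):
                reason = "orphaned toolbar registration (file missing)"
            elif sec == "O18":
                protocol_owners[m.group("clsid").upper()] += 1
        elif sec == "O4":
            m = O4_RE.match(body)
            key = m.group("key") if m else ""
            # Global Startup lines have the form "Global Startup: name.lnk = path"
            cmd = (m.group("cmd") if m else body.split(" = ", 1)[-1]).lower()
            if key == "RunServices":
                reason = "legacy RunServices key, unusual on Windows XP"
            elif "rundll32" in cmd and re.search(r"c:\\windows\\[^\\]+\.dll", cmd):
                reason = "rundll32 loading a DLL dropped in the Windows root"
            elif any(name in cmd for name in THREAD_FLAGGED_NAMES):
                reason = "startup entry named in this thread's fix list"
        if reason:
            flags.append((sec, reason, raw))
    for clsid, n in protocol_owners.items():
        if n >= MANY_PROTOCOLS:
            flags.append(("O18", f"CLSID {{{clsid}}} registered for {n} custom protocols; review", ""))
    return flags


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```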
gladtaka
Hello Autodad,

Wow...that took a while. I just want to mention that when I ran HijackThis I did not have all the entries that came up initially:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/

and
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

The new HijackThis Logfile is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 5:23:31 AM, on 11/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: EnabCDPT.lnk = C:\Program Files\QI\DVD Player\EnabCDPT.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe

The report from Ewido scan is as follows:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:14:19 PM, 11/6/2005
+ Report-Checksum: A2E24F19

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C19EB5B1-FC58-456E-8793-384532ED5970} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C19EB5B1-FC58-456E-8793-384532ED5970}\TypeLib\\ -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-436374069-1606980848-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-436374069-1606980848-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-436374069-1606980848-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313} -> Spyware.ClearSearch : Cleaned with backup
HKU\S-1-5-21-436374069-1606980848-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\EACDownload\can_temp.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\EACDownload\defscan_install.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz6.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@ehg-dig.hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@hg1.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@php.offshoreclicks[2].txt -> Spyware.Cookie.Offshoreclicks : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@cz7.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\Cookies\taka matayoshi@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\upd14.tmp/ME.dll -> Spyware.MediaPops : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde44.tmp/bdeload.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde46.tmp/BDEplayer3.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde49.tmp/BDEengine3.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde4B.tmp/bdeimage.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde4D.tmp/BDEwrapper3.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde4F.tmp/BDESac24.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde51.tmp/BDESac10.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\upd12.tmp/ME.dll -> Spyware.MediaPops : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Start Menu\Programs\PurityScan -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@php.offshoreclicks[1].txt -> Spyware.Cookie.Offshoreclicks : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@cz6.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@diginet.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Taka\Cookies\taka@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\System Volume Information\_restore{A0D15FB7-DA21-4591-A24D-EA20C96AFE15}\RP2\A0000025.exe -> Spyware.OrbitView : Cleaned with backup
C:\System Volume Information\_restore{A0D15FB7-DA21-4591-A24D-EA20C96AFE15}\RP2\A0000292.exe -> TrojanDownloader.Zlob.ba : Cleaned with backup
C:\System Volume Information\_restore{A0D15FB7-DA21-4591-A24D-EA20C96AFE15}\RP2\A0000455.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{A0D15FB7-DA21-4591-A24D-EA20C96AFE15}\RP2\A0000500.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{A0D15FB7-DA21-4591-A24D-EA20C96AFE15}\RP2\A0000501.dll -> Adware.Gator : Cleaned with backup


::Report End

Finally the smitRem tool log:

smitRem © log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 11/06/2005
The current time is: 21:24:16.51

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Center.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
oleext.dll
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)

Thanks for all your help,

gladtaka
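As an added example (not part of the original thread, and not ewido's or HijackThis's own code), here is a small Python script that parses scan-report lines of the form `path -> Family : Status` like the ones in the ewido report above, counts findings by status and by where they live, and lists the entries that were not cleaned. The sample report is constructed from a handful of lines copied from the report posted above; the location buckets (registry, restore point, cookie, `.tmp` container, plain file) are my own grouping, not ewido's. Reading the output makes the follow-up obvious: the "Error during cleaning" entries are DLLs packed inside `.tmp` containers under `Local Settings\Temp`, and several hits sit in System Restore points, which is why temp-folder cleanup and purging System Restore are the usual next steps.

```python
"""Summarise an ewido-style scan report: what was cleaned, what was not,
and where the leftovers live.  Added example, not the scanner's own code."""
import re
from collections import Counter

# Constructed sample: a few lines copied from the ewido report in the thread.
SAMPLE_REPORT = r"""ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:14:19 PM, 11/6/2005
+ Report-Checksum: A2E24F19

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\upd14.tmp/ME.dll -> Spyware.MediaPops : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Local Settings\Temp\BDECache\bde44.tmp/bdeload.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Documents and Settings\Taka Matayoshi\Cookies\taka matayoshi@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\System Volume Information\_restore{A0D15FB7-DA21-4591-A24D-EA20C96AFE15}\RP2\A0000292.exe -> TrojanDownloader.Zlob.ba : Cleaned with backup


::Report End
"""

# One detection per line: "<path> -> <family> : <status>"
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<family>[^\s:]+) : (?P<status>.+?)\s*$")


def classify_location(path):
    """Bucket a detection path so leftovers can be explained to the user.
    The bucket names are this script's own, not scanner terminology."""
    upper = path.upper()
    if upper.startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
        return "registry"
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in upper:
        return "restore_point"          # lives inside a System Restore point
    if "\\COOKIES\\" in upper:
        return "cookie"
    if ".TMP/" in upper:
        return "temp_container"         # scanner notation: DLL packed inside a .tmp file
    return "file"


def parse_report(text):
    """Return one dict per detection line; headers and footers are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # banner, '+ Created on', blank, ::Report End
        findings.append({
            "path": m.group("path"),
            "family": m.group("family"),
            "status": m.group("status"),
            "location": classify_location(m.group("path")),
        })
    return findings


def summarize(findings):
    """Counts by status and location, plus every entry that was not cleaned."""
    by_status = Counter(f["status"] for f in findings)
    by_location = Counter(f["location"] for f in findings)
    unresolved = [f for f in findings if not f["status"].lower().startswith("cleaned")]
    return {"by_status": dict(by_status),
            "by_location": dict(by_location),
            "unresolved": unresolved}


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print("By status:  ", summary["by_status"])
    print("By location:", summary["by_location"])
    for f in summary["unresolved"]:
        print("NOT CLEANED:", f["family"], "in", f["location"], "->", f["path"])
```

Run it as-is to see the summary for the constructed sample; to use it on a saved report, read the file into `parse_report` instead of `SAMPLE_REPORT`. Anything listed as NOT CLEANED is what the next tool (or a temp-folder purge) still has to deal with.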
Autodad
Hi gladtaka,

You're welcome.
Sorry it took so long, but with new infections these days, more tools are needed to clean them.
That's why you really need to get to Windows Update, keep your A/V updated, and use a Firewall......



Looks clean, good job!

If you're not having any problems, then here are some suggestions to clean/protect your PC:
(Some may be redundant, so only use those that apply...)

I recommend that you get AdAware SE
Install The Program and Run it. Make Sure You Click the "Check for Updates" Button before starting a scan.
Do a scan with AdAware and Remove Everything it suggests.

Then, also get Spybot: Search and Destroy
Check for Updates first, download ALL Updates and Do a Scan.
When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

Keep them updated, and run them periodically.
_ _ _ _ _

Then click Start | Run (type) cleanmgr
Select the following:
1) Temporary Internet Files
2) Recycle Bin
3) Temporary Files

When completed Reboot.
_ _ _ _ _

Also go to Windows Update to keep up on all the latest security patches that apply to your PC.
Check Windows' Update site frequently, as new patches come out often. You don't need to install all the updates offered, but ALWAYS get the latest security updates available.
_ _ _ _ _

Then, it is not an option these days to be on the internet without an Updated Anti-Virus. If you have one, check it for updates frequently (or set it to "Auto" update). If you don't have one, or can't afford one, a good free one to use is AVG.
Have a look at this link: http://www.mvps.org/winhelp2002/avg7.htm

Just as it is important to have an updated Anti-virus, it's equally important to have a Firewall these days. Again, if you can't afford one, this is a good free one:

Sygate Personal Firewall.
_ _ _ _ _

Then I recommend you clean out your System Restore
Doing this will remove all your restore points, and any infections that might be hanging in there.

Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Check the "Turn off System Restore" or "Turn off System Restore on all drives".
Click Apply.
Click Yes to do this.
Click OK.
Then Restart your computer.

After you have restarted, turn System Restore back on:
Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Uncheck the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply, and then click OK.

Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
_ _ _ _ _

Here is a link that explains how to Clear Out Forgotten Programs, Free Up Wasted Space, Defragment Your Computer, etc...

http://www.microsoft.com/windowsxp/using/s...estoreperf.mspx
_ _ _ _ _

Here are some good links to follow to make your Internet Explorer more secure:

http://www.mvps.org/winhelp2002/restricted.htm
http://mvps.org/winhelp2002/unwanted.htm
_ _ _ _ _

Here is some free protection you should also consider:
Download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies.

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Check them for updates occasionally.


And also see Tony Klein's fine article:
So how did I get infected in the first place?


Let us know if you have any concerns,

Stay safe!
gladtaka
Hello Autodad,

Could not have done it without your help and expertise.
YOU DA MAN!


Sincerely,
gladtaka
Autodad
You're welcome gladtaka.

Stay safe!