
Thread: hijack?

  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    6
    Points
    0

    hijack?

    I have posted this here as I am following the detective's instructions. Please help. I have AVG virus protector. I am running Windows 2000.


    Logfile of HijackThis v1.99.1
    Scan saved at 21:32:33, on 24/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\explorer.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINNT\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
    O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbelle.com/download_helper/Nyoko.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150370853531
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.co...x/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6D8B2F-F74D-4A81-8B34-4371427A57EE}: NameServer = 80.225.255.50 80.225.255.58
    O18 - Protocol: bw+0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINNT\smss.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)

  2. #2
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248


    I would suggest you uninstall Logitech Desktop Messenger. This is the reason for all those O18 entries in your log. They will just keep multiplying whilst you use that program.

    ------------------------------

    Boot to safe mode ....open HijackThis ... click on scan ... put a tick/check mark next to these entries IF they are present ...

    F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe

    O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe

    O18 - ALL THESE

    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)


    -------------------

    Next go here ....

    http://www.help2go.com/Tutorials/Pro...tructions.html

    ....and install/scan with the Ewido Security Suite (saving the final log report for posting here).

    -------------------

    In your next post please include ....

    > the Ewido scan report

    > a fresh HJT log

    and ...

    > an update on how your computer is operating now.

    OJ

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html
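
The checks Oddjob walks through in post #2 (an extra program on the `Shell=` line, the Run entry that starts the same file, the O18 protocol entries that all belong to one program, a service whose file is missing), sketched as an added example that is not part of the thread. The heuristics and function names are assumptions of this sketch, and the sample is a few lines excerpted from the log in post #1.

```python
import ntpath
import re
from collections import Counter

# A few lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe
O18 - Protocol: bw+0 - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {00FF9083-2E60-4C4A-8E77-73EDE58B751C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")   # "O4 - ...", "F2 - ..."
RUN_RE = re.compile(r"\[(.+?)\]\s+(.+)")               # "[name] command line"


def parse(log):
    """Yield (code, body) for every line that looks like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def shell_extras(entries):
    """Programs listed on an F2 Shell= line besides explorer.exe."""
    extras = set()
    for code, body in entries:
        if code == "F2" and "Shell=" in body:
            for prog in body.split("Shell=", 1)[1].split():
                if prog.lower() != "explorer.exe":
                    extras.add(prog.lower())
    return extras


def run_target(body):
    """File name started by an O4 Run entry, or None if the line has no [name]."""
    m = RUN_RE.search(body)
    if not m:
        return None
    cmd = m.group(2)
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return ntpath.basename(exe).lower()


def triage(log):
    """Return entries worth a closer look plus O18 entries counted per DLL."""
    entries = list(parse(log))
    extras = shell_extras(entries)
    findings, o18_by_dll = [], Counter()
    for code, body in entries:
        if code == "F2" and "Shell=" in body and extras:
            reason = "Shell= starts more than explorer.exe: " + ", ".join(sorted(extras))
            findings.append((code, reason, body))
        elif code == "O4" and run_target(body) in extras:
            findings.append((code, "Run entry starts the same file as Shell=", body))
        elif code == "O18":
            # Last field is the handler DLL; many protocols sharing one DLL
            # point at a single program to uninstall rather than many fixes.
            o18_by_dll[body.rsplit(" - ", 1)[-1]] += 1
        elif code == "O23" and "Unknown owner" in body and body.endswith("(file missing)"):
            findings.append((code, "service with unknown owner and missing file", body))
    return {"findings": findings, "o18_by_dll": o18_by_dll}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for code, reason, body in result["findings"]:
        print(f"{code}: {reason}\n    {body}")
    for dll, count in result["o18_by_dll"].most_common():
        print(f"O18 x{count}: {dll}")
```

A match is a prompt to review the entry, not a verdict on it.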

  3. #3
    Member
    Join Date
    Jul 2006
    Posts
    6
    Points
    0


    Logfile of HijackThis v1.99.1
    Scan saved at 00:36:19, on 25/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINNT\system32\LVCOMSX.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
    O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbelle.com/download_helper/Nyoko.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150370853531
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.co...x/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6D8B2F-F74D-4A81-8B34-4371427A57EE}: NameServer = 80.225.255.50 80.225.255.58
    O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINNT\smss.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)

  4. #4
    Member
    Join Date
    Jul 2006
    Posts
    6
    Points
    0

    ewido

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 00:01:45 25/07/2006

    + Scan result:



    C:\WINNT\icont.exe -> Adware.AdURL : No action taken.
    C:\WINNT\system32\ecpcckda.dll -> Adware.PurityScan : No action taken.
    C:\WINNT\system32\netdde.dll -> Adware.PurityScan : No action taken.
    C:\WINNT\Temp\zgCF.tmp -> Adware.Surfside : No action taken.
    HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    C:\WINNT\system32\config\pinkbits.exe -> Adware.Virtumonde : No action taken.
    C:\Program Files\whInstall -> Adware.Webhancer : No action taken.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0D4BO7A3\crap[1].exe/drnew.exe -> Downloader.Adload.bo : No action taken.
    C:\drsmartload45o.exe -> Downloader.Adload.ck : No action taken.
    C:\drsmartload45p.exe -> Downloader.Adload.ck : No action taken.
    C:\drsmartload45q.exe -> Downloader.Adload.ck : No action taken.
    C:\drsmartload45r.exe -> Downloader.Adload.ck : No action taken.
    C:\drsmartload45s.exe -> Downloader.Adload.ck : No action taken.
    C:\Program Files\Common Files\WVnSxS\spool32.exe -> Downloader.PurityScan.co : No action taken.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0D4BO7A3\q1crack[1].exe -> Downloader.Small : No action taken.
    C:\WINNT\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : No action taken.
    C:\q1win.exe -> Downloader.Small : No action taken.
    C:\kybrdb_2.exe -> Hijacker.VB.fc : No action taken.
    C:\nwnmb_2.exe -> Hijacker.VB.fc : No action taken.
    C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\DAK\Local Settings\Temp\Cookies\dak@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\WINNT\Temp\Cookies\dak@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\DAK\Local Settings\Temp\Cookies\dak@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\WINNT\Temp\Cookies\dak@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\DAK\Local Settings\Temp\Cookies\dak@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\WINNT\Temp\Cookies\dak@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@c.enhance[2].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@ehg-atariinc.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@ehg-ypcorp.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
    C:\Documents and Settings\DAK\Local Settings\Temp\Cookies\dak@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
    C:\Documents and Settings\DAK\Local Settings\Temp\Cookies\dak@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\WINNT\Temp\Cookies\dak@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\DAK\Local Settings\Temp\Cookies\dak@overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@overture[2].txt -> TrackingCookie.Overture : No action taken.
    C:\WINNT\Temp\Cookies\dak@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
    C:\Documents and Settings\Default User\Cookies\system@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
    C:\WINNT\Temp\Cookies\dak@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\DAK\Cookies\dak@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


    ::Report end

  5. #5
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    Hi vicki

    You might find it useful to print this out to help you follow the advice.


    Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

    [Remember to reverse this and re-hide these files & folders when your computer is fixed]

    -------------------

    We need to disable an O23 service ...

    go to Start > Run and type Services.msc > click OK

    Scroll down and find the service called Microsoft Windows Spooler Service

    double-click on it

    click the Stop button

    change the Startup Type to "Disabled"

    click Apply and then OK

    close any open windows

    run HijackThis...

    click "Open Misc Tools Section"

    click "delete an NT service"

    enter Windows Spooler Service

    click OK

    close HijackThis

    -------------------

    Boot to safe mode ....open HijackThis ... click on scan ... put a tick/check mark next to these entries IF they are present ...

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)


    -------------------

    Go to these files and folders in bold and delete them IF present…


    Let us know which ones you couldn't find/delete ...

    Files …
    C:\WINNT\icont.exe
    C:\WINNT\system32\ecpcckda.dll
    C:\WINNT\system32\netdde.dll
    C:\WINNT\system32\config\pinkbits.exe
    C:\drsmartload45o.exe
    C:\drsmartload45p.exe
    C:\drsmartload45q.exe
    C:\drsmartload45r.exe
    C:\drsmartload45s.exe
    C:\Program Files\Common Files\WVnSxS
    C:\q1win.exe
    C:\kybrdb_2.exe
    C:\nwnmb_2.exe
    C:\WINNT\Downloaded Program Files\popcaploader.dll


    Folders …
    C:\Program Files\whInstall

    SurfSideKick3 … search for this and delete any instances of it that you find.

    -------------------

    Next download CleanUp! here….. http://www.cleanup.stevengould.org/ ...

    *WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

    Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

    -------------------

    Rescan with Ewido and save the log report as you did before.

    -------------------

    In your next post please include ....

    > the Ewido scan report

    > a fresh HJT log

    and ...

    > an update on how your computer is operating now. ... We need feedback from you at each stage so we know how things are going. You didn't mention it last time.


    OJ
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html
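
Added example (not part of the original posts, and not HijackThis's own code): a small Python triage of HijackThis O23 service lines, showing why the entry in post #5 stands out. The `SYSTEM_BINARIES` list, the function name and the second sample line are assumptions made for the illustration; the first sample line is the one quoted in the post.

```python
import re
from pathlib import PureWindowsPath

# O23 line: "O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: a short list of core Windows binaries that belong only in System32.
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "svchost.exe",
                   "spoolsv.exe", "winlogon.exe", "smss.exe"}

SAMPLE = [
    # Line quoted in post #5 of this thread.
    r"O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service)"
    r" - Unknown owner - C:\WINNT\services.exe (file missing)",
    # Constructed benign line for comparison.
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o."
    r" - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe",
]


def triage_o23(line, windir=r"C:\WINNT"):
    """Return (service_name, [reasons]) for an O23 line, or None otherwise."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    path = PureWindowsPath(m["path"])  # compares case-insensitively
    if m["owner"] == "Unknown owner":
        reasons.append("owner could not be determined")
    if m["missing"]:
        reasons.append("service registered but binary missing")
    expected = PureWindowsPath(windir) / "system32"
    if path.name.lower() in SYSTEM_BINARIES and path.parent != expected:
        reasons.append(f"{path.name} outside {expected}")
    return m["name"], reasons


if __name__ == "__main__":
    for entry in SAMPLE:
        name, reasons = triage_o23(entry)
        print(name, "->", reasons or "nothing flagged")
```

The real `services.exe` appears in the first log's process list under `C:\WINNT\system32`, so a service pointing at a copy directly under `C:\WINNT` is the mismatch the last check reports.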

  6. #6
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    Topic closed due to lack of response from user.

    Vicki ... if you want to reopen this discussion that's fine. Just PM a moderator. They will reopen it for you.

    OJ