Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Wednesday 22.1.2025 / 18:26
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > logfile of hijackthis v1.99.1
Show topics
 
Forums
Forums
Logfile of HijackThis v1.99.1
  Jump to:
 
Posted Message
technique
Newbie
_ 		1. September 2006 @ 15:36 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 00:36:07, on 02/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCODEC\isamonitor.exe
C:\Program Files\PCODEC\pmsngr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PCODEC\isamini.exe
C:\Program Files\PCODEC\pmmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\limewire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cclcomputers.co.uk
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\PCODEC\iesplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cclcomputers.co.uk
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://freedomsolitairee.spaces.live.com...ad/MsnPUpld.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c266.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FAD5831-E686-4A36-905B-6F63D5133E32}: NameServer = 80.189.92.2 80.189.94.2
O18 - Protocol: bw+0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {453D547E-C894-4A79-AE66-AACDEC670133} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

anyone who can help?
[ + quote]
maca1
Senior Member
_ 		1. September 2006 @ 15:46 _ Link to this message    Send private message to this user   
Go to Start>>Control Panel>>Add or Remove Programs and uninstall Logitech Desktop Messenger

Please download SmitfraudFix (by S!Ri)
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop


* Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.


.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.




* Run Ewido:

* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop




Run ActiveScan online virus scan here

http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!


post another hijack this log, the ewido, smitfraud and active scan logs
[ + quote]

This message has been edited since posting. Last time this message was edited on 1. September 2006 @ 15:47
technique
Newbie
_ 		2. September 2006 @ 05:22 _ Link to this message    Send private message to this user   
SmitFraudFix v2.83

Scan done at 13:26:05.76, 02/09/2006
Run from C:\smitfradfix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

======================================

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:07:40 02/09/2006

+ Scan result:



C:\Documents and Settings\donna\Local Settings\Temporary Internet Files\Content.IE5\GH2F0LEN\Messenger[1].exe -> Adware.180Solutions : No action taken.
C:\Program Files\IM Names\1.exe/main.exe -> Adware.2Search : No action taken.
C:\Program Files\IM Names\IMNames.exe -> Adware.2Search : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\H7BFXPSE\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\donna\Cookies\donna@starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\donna\Cookies\donna@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\kim\Cookies\kim@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\lee\Cookies\lee@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\donna\Desktop\IM-Names.exe/IM-svr.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\donna\Local Settings\Temporary Internet Files\Content.IE5\07D3IY7X\IM-Names[1].exe/IM-svr.exe -> Trojan.Small : No action taken.


::Report end

===================================

Unfortunately the Panda online scan didn't work. Every attempt to run it resulted in an error message. Rebooted several times to no effect.

However my homepage is no longer hijacked by pest trap so thanx for the advice as all now appears fine... till the next time.
[ + quote]
Advertisement
_ 		__
 
_
maca1
Senior Member
_ 		2. September 2006 @ 12:10 _ Link to this message    Send private message to this user   
rescan with ewido and make sure you click apply all actions or it won't do anything post a new HjT log, more may need to be done.
[ + quote]
Related links
Download the latest version of HijackThis now!
 
Related forum topics Posts Last post Forum room
HijackThis 101 1 11. September 2013 Windows - Virus and spyware problems
Had Department of Justice money pack virus. Now computer is acting strange. Could someone take a look at my hijackthis log? 64 6. January 2013 Windows - Virus and spyware problems
ComboFix/HIJackThis Log Help 9 10. April 2012 Windows - Virus and spyware problems
Please review HiJackThis log and help 1 11. November 2011 Windows - Virus and spyware problems
HijackThis Log File! 3 27. June 2011 Windows - Virus and spyware problems
please help read hijackthis log 1 7. April 2011 Windows - Virus and spyware problems
HijackThis Log, Please Help ! 5 4. April 2011 Windows - Virus and spyware problems
HiJackThis log...pls help 1 2. April 2011 Windows - Virus and spyware problems
My Hijackthis log file, please help 2 20. February 2011 Windows - Virus and spyware problems
Malware help! hijackthis log provided. 6 29. September 2010 Windows - Virus and spyware problems

 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > logfile of hijackthis v1.99.1
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork