Taskbar pop-ups, Virus

Computing.Net > Forums > Security and Virus > Taskbar pop-ups, Virus

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Taskbar pop-ups, Virus

Name: Jah Kuhl Sa
Date: March 7, 2006 at 15:25:29 Pacific
OS: Windows XP Home SP2
CPU/Ram: 256 MB/Celeron 2.0 GHz
Product: hp pavilion 533w

Comment:

Recently I have a icon in the taskbar that says "Virus Alert!" and it's a red icon with a white X that also changes to a windows update icon. Two messages keep popping up saying "Your computer is infected." and "System Alert: Spyware Detected." My default homepage is now directed to http://www.securitysafeguards.net/ and I get a lot of random pop-ups. Please help me get this nuisance off my computer.

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: March 7, 2006 at 15:51:27 Pacific

Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Response Number 2

Name: Jah Kuhl Sa
Date: March 7, 2006 at 17:15:06 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 6:13:32 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\VISION~1\ONETOU~2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=nascarknutt&key=68232a72a46457048b635884ba814619&ts=41703043&A=188651590011839&B=1066287600000&C=1066287600000&D=1074758400000&I=7.NH4&N=PL&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp9E62.tmp
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.exe
O4 - HKLM\..\Run: [Antispy] C:\Program Files\Defender Pro\AntiSpy\Dpas.exe startup
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Civilization Registration.lnk = E:\ATR1.exe
O4 - Global Startup: Defender Pro Firewall.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48326BB7-0C24-4284-91EE-21AA347DB224} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48326BB7-0C24-4284-91EE-21AA347DB224} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141596212171
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O18 - Protocol: bw+0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Response Number 3

Name: XpUser4Real
Date: March 7, 2006 at 17:29:18 Pacific

Reply:

Copy and paste your results into this free
Hi-Jack This analyzer
You'll have an idea of what your problems are....I see lots of nasties on your PC
Hopefully my advice will help you...Please post back with your results....thanks

Response Number 4

Name: jabuck
Date: March 7, 2006 at 18:13:58 Pacific

Reply:

Download killbox from this link Killbox we will need it in safe mode later.
Please download smitRem.zip and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe
Open the file and it will extract itself to a new folder called SmitRem.
Reboot into safe mode by following these directions:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient.
Next go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
Run HT from safe mode,close any open windows or browsers except HT, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp9E62.tmp
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
While still in safe mode double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
C:\WINDOWS\system32\mssearchnet.exe

C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\System32\formatsys.exe
C:\WINDOWS\msmbw.exe
C:\WINDOWS\System32\system.exe
Reboot into normal mode and run HT to remoe anuy items that may not have shown up in safe mode.
Run ewido from safe mode and post its log.
Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.
Post a new HT log

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

Response Number 5

Name: Abnormal
Date: March 7, 2006 at 18:55:06 Pacific

Reply:

You may want to run this tool also.
Symantec W32.Serflog.A Free Removal Tool 1.1.2

windows update needs to restart keeps popping up suggestion box responses google pop up virus	taskbar location protection center virus pop ups virus
See More

Response Number 6

Name: Jah Kuhl Sa
Date: March 7, 2006 at 20:58:59 Pacific

Reply:

The icons on the taskbar appear to be gone and no more pop-ups occur. Also, my homepage does not go the site that it previously went to. I have yet to run the Panda online scan, but when I do I will update you. Thanks everybody for your help, your a life and computer saver!
Here is my new logfile:
Logfile of HijackThis v1.99.1
Scan saved at 9:57:03 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\VISION~1\ONETOU~2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\HiJackThis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=nascarknutt&key=68232a72a46457048b635884ba814619&ts=41703043&A=188651590011839&B=1066287600000&C=1066287600000&D=1074758400000&I=7.NH4&N=PL&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.exe
O4 - HKLM\..\Run: [Antispy] C:\Program Files\Defender Pro\AntiSpy\Dpas.exe startup
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Civilization Registration.lnk = E:\ATR1.exe
O4 - Global Startup: Defender Pro Firewall.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141596212171
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O18 - Protocol: bw+0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {023BD620-DF32-4324-B4DB-E42F020D67E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Response Number 7

Name: jabuck
Date: March 8, 2006 at 03:32:50 Pacific

Reply:

Run HT again and remove these items:
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
Then use killbox to delete these files:
C:\WINDOWS\System32\formatsys.exe
C:\WINDOWS\msmbw.exe
C:\WINDOWS\System32\formatsys.exe (Yes delete it two times)

Response Number 8

Name: Jah Kuhl Sa
Date: March 8, 2006 at 15:10:18 Pacific

Reply:

I went through and got rid of the rest of the items with HT. However, when I tried to use Killbox on the other items, it said that the files "do not seem to exist."
I ran the Panda scan and there were some shocking results. Should I post the results of the Panda scan? And the icon in the taskbar is still there, but the rest of the problem is fixed.

Response Number 9

Name: asus
Date: March 11, 2006 at 09:52:46 Pacific

Reply:

jabuck: I'm having the same problem but I can't figure out what files to delete. I have my log file from hijackthis and will post it below. Any help you can offer is greatly appreciated.
ASUS
Logfile of HijackThis v1.99.1
Scan saved at 12:38:10 PM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13492a697fffd2c74722/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131156566734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131156552218
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30043.www3.hp.com/netassist/en/check/install/gtdownhp.cab?1,0,0,94
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe

Response Number 10

Name: jabuck
Date: March 11, 2006 at 12:31:49 Pacific

Reply:

Run Ht again, close all windows and browsers except HT, place a check to the left of the following items and press"fix checked":
O4 - Global Startup: palstart.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13492a697fffd2c74722/netzip/RdxIE601.cab
Do a search for (palstart.exe) sometimes resides in:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
The delete all instances in the palstart.exe files if found.
Run ATF-Cleaner in safe mode. Reboot into safe mode by following the directions Here
Download
http://www.atribune.org/content/view/19/2/ by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into safe mode and run Ewido.
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.
Be sure to alert me when you post back.

Response Number 11

Name: jabuck
Date: March 11, 2006 at 14:28:05 Pacific

Reply:

Jah Kuhl Sa
Run HT again, close all windows and browsers and remove these items:
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - Startup: Civilization Registration.lnk = E:\ATR1.exe
All of the 018"s
Reboot into safe mode and navigate to and delete these files if found:
C:\WINDOWS\System32\formatsys.exe (may be two of these)
C:\WINDOWS\msmbw.exe

Response Number 12

Name: asus
Date: March 11, 2006 at 21:23:00 Pacific

Reply:

Oh man, I just went through hell and back. I ran smitrem, then HT and made that log file for you. My PC seriously crashed after that and wouldn't boot into normal mode. After about 5 boots into safemode I backed everything up onto DVD and got ready for a reinstall of XP pro, but it magically cleared itself up. I had run winsockfix at some point in the process, so it may have helped. I'm not sure what fixed it, but the toolbar is gone and everything seems perfect. Thanks for your help.
Palstart is an okay program btw, I believe it is paltalk, a program I use to have conference calls with investors.
You're obviously very knowledgeable with all this stuff, I appreciate your time very much, but everything seems okay at the moment.
Best regards,
ASUS

Response Number 13

Name: jabuck
Date: March 12, 2006 at 05:41:55 Pacific

Reply:

asus, Read this Paltalk.exe info

Response Number 14

Name: Jah Kuhl Sa
Date: March 12, 2006 at 17:44:14 Pacific

Reply:

I did all the things you listed although I could still not locate the following items:
C:\WINDOWS\System32\formatsys.exe (may be two of these)
C:\WINDOWS\msmbw.exe
There is one pop-up icon still in the taskbar and I believe it is the reason why Spyfalcon comes up during my startup.

Response Number 15

Name: jabuck
Date: March 12, 2006 at 19:19:38 Pacific

Reply:

Run SmitRem again as suggested in response #4.
The files listed below will be hidden. While still in safe mode, set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Run HT again and remove these items if they are listed:
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
Navigate to and delete these files if found:
C:\WINDOWS\System32\formatsys.exe (may be two of these)
C:\WINDOWS\msmbw.exe
Post a new HT log.

Response Number 16

Name: MarcelJordanSmith
Date: March 13, 2006 at 02:15:05 Pacific

Reply:

Hi. Im no computer expert but I found a way to get rid of this pest. Go to the "Tools" and click on "Manage add-ons". You will then see the items that causes this. Disable it. Then download "winsock fix". This will then disconnect your internet connection. Follow instruction and then the computer will restart. Presto! Its all done. I understand you can delete the file that you just disabled but not sure if I should.
Hope we can finally put this bully to rest.
So far so good for me. Not sure what I should do next to clean my computer if that is necessary. So far Im happy getting this far.

Response Number 17

Name: Jah Kuhl Sa
Date: March 14, 2006 at 15:26:29 Pacific

Reply:

Should I try and do what MarcelJordanSmith
suggested?
By the way, here is my updated logfile:
Logfile of HijackThis v1.99.1
Scan saved at 4:24:10 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\VISION~1\ONETOU~2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\HiJackThis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=nascarknutt&key=68232a72a46457048b635884ba814619&ts=41703043&A=188651590011839&B=1066287600000&C=1066287600000&D=1074758400000&I=7.NH4&N=PL&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.exe
O4 - HKLM\..\Run: [Antispy] C:\Program Files\Defender Pro\AntiSpy\Dpas.exe startup
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Defender Pro Firewall.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141596212171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Response Number 18

Name: jabuck
Date: March 14, 2006 at 16:04:28 Pacific

Reply:

Looks like you got rid of the files we last looked at but you have been reinfected with spyfalcon so I don't think you can get rid of that with "managed add-ons".
To kill this beast we have to shut down the real time protection on some of your antispyware. To do so follow these directions http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disable_Real_Time_Monitoring_Programs
Next follow the directions in responce #4 making sure you are in safe mode when you run SmitRem.
Then run HT, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
While still in safe mode navigate to C:\Program Files\SpyFalcon and delete that folder if found. SmitRem should remove it but if not yyou will need to delete it. Rember to have your computer set up to view hidden files as suggested in Responce #15.

Response Number 19

Name: kinweng
Date: March 23, 2006 at 23:03:48 Pacific

Reply:

hi i have the same problem as jah kul and followed jabuck's instructions.... killbox couldnt find some of the files but i did what i could.... my homepage is now normal but the little virus on the bottom right of my desktop is still there...
Logfile of HijackThis v1.97.7
Scan saved at 14:57:30, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kin Weng\Desktop\defence systems\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Kin%20Weng/Desktop/home.htm
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD47245-F8AF-4995-9B95-42F53B3DAD79}: NameServer = 192.168.2.1
can anyone advice? thanks

Response Number 20

Name: jabuck
Date: March 25, 2006 at 09:21:33 Pacific

Reply:

kinweng

Did you do this:
Go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.You can delete everything there except "my current home page".

Response Number 21

Name: jeanure
Date: May 21, 2006 at 07:03:56 Pacific

Reply:

i have the same problem and i've downloaded HijackThis. but mcAfee deleted it when i tried to put the file on its own saying the file was infected by something - i can remember, but it's worm something something. can somebody help me?

Sponsored Link

Ads by Google

Pe${. am I cracked?

NIS 2006 unable to run fu...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Taskbar pop-ups, Virus

pop-up virus?

Summary

www.computing.net/answers/security/popup-virus/5718.html

(porno) pop-up AND homepage virus

Summary

www.computing.net/answers/security/porno-popup-and-homepage-virus/7621.html

Pop Up Virus

Summary

www.computing.net/answers/security/pop-up-virus/20761.html

From the Geek Dictionary
PFY - Pimple Faced Youth - Usually a young or junior level system administrator, ...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
transfer from exp to microvault

password recovery or bypass

"save as" button

Kaspersky Internet Security 2010

boot failure

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE