These guys really deserve to burn in hell
Who's the Boss?
02-23-2006, 10:15 AM
So for the last hour I've been trying to rid my computer of spyware from.... a spyware remover.
I tried Ad-Aware SE but it didn't work. It keeps giving me official looking system messages (warning in the system tray) about how I should download spy guard because people are attempting to steal my credit card numbers and such. Also every couple of minutes it loads a "Your system is infected! Download spyguard now!" as my desktop image...
Anyone know how I can get this **** off my computer?
Light Fantastic
02-23-2006, 10:42 AM
Go download HijackThis and post a log, or just reformat.
Who's the Boss?
02-23-2006, 11:24 AM
Logfile of HijackThis v1.99.1
Scan saved at 12:18:56 PM, on 23/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
F:\Program Files\Digidesign\Drivers\MMERefresh.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Universal Shield 4.0\US30Service.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
F:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
F:\WINDOWS\System32\sistray.EXE
F:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\program files\steam\steam.exe
F:\Program Files\ProxyWay\proxyway.exe
F:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
F:\Program Files\Xfire\Xfire.exe
F:\Program Files\Common Files\STOPzilla!\szserver.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\d0cuments and Settings\RORY\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.121.22.24:4282
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: winapi32.MyBHO - {41DD58D5-6692-433F-AE6C-64E157A496C4} - F:\WINDOWS\System32\winapi32.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - F:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [FaxCenterServer] "F:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [] ""
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [SiS Tray] F:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] "F:\WINDOWS\System32\khooker.exe"
O4 - HKLM\..\Run: [msnappau] "F:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [LVCOMS] "F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "F:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "F:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "F:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AudioHQ] "F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
O4 - HKLM\..\Run: [Creative Launcher] "F:\Program Files\Creative\Launcher\CTLauncher.exe"
O4 - HKLM\..\Run: [ASDPLUGIN] "F:\WINDOWS\System32\canada.exe " -N
O4 - HKLM\..\Run: [HELPER] F:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [DigidesignMMERefresh] "F:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [yxeruw] "f:\windows\system32\edocnvp.exe"
O4 - HKLM\..\Run: [STOPzilla] F:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] F:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WeatherOnTray] F:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PC Booster] F:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKCU\..\Run: [areslite] "F:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe " -quiet
O4 - HKCU\..\Run: [SpyKiller] "F:\Program Files\SpyKiller\spykiller.exe " /startup
O4 - HKCU\..\Run: [mspmsp] "F:\WINDOWS\System32\mspmsp.exe"
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] F:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [dpcdll] "F:\WINDOWS\System32\dpcdll.exe"
O4 - HKCU\..\Run: [BestPopUpKiller] "F:\Program Files\BestPopUpKiller\BestPopupKiller.exe " /startup
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "F:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ProxyWay] F:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] F:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PowerBar] "F:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] F:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
O4 - Startup: MemoKit.lnk = F:\Program Files\MemoKit\mk.exe
O4 - Startup: Xfire.lnk = F:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = F:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
Who's the Boss?
02-23-2006, 11:24 AM
O18 - Protocol: bw+0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Who's the Boss?
02-23-2006, 11:25 AM
O18 - Protocol: bwk0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {757B3ABD-F018-4300-960F-26D36B0AA63B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: STOPzilla - F:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - F:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: US30Service - Unknown owner - F:\Program Files\Universal Shield 4.0\US30Service.exe
Light Fantastic
02-23-2006, 11:29 AM
A lot of stuff :(
Back in a little while.
Who's the Boss?
02-23-2006, 11:30 AM
A lot of stuff :(
Back in a little while.
Yeah, too many people use this computer. Thanks, man.
Light Fantastic
02-23-2006, 11:49 AM
Question,
Do you know about/use anything called Realtek AC97 Audio Sound Manager?
It can be disabled either way without difference, but I think it might be a trojan.
Turkish
02-23-2006, 11:53 AM
Yeah, too many people use this computer. Thanks, man.
Check your processes list and google all the processes in there... that should close out the big image on your screen.
Reboot your computer, go to Start -> Run -> cmd, type in netstat and count how many TCP entries there are... that's a good indication of how much spyware you might have.
Go to trendmicro.com and run the spyware scan.
Who's the Boss?
02-23-2006, 11:58 AM
Question,
Do you know about/use anything called Realtek AC97 Audio Sound Manager?
It can be disabled either way without difference, but I think it might be a trojan.
Nah, that's software that came with my soundcard. It stopped; I changed my desktop and it hasn't changed it back yet (it's been about 20 minutes). It's weird because I ran my comp in safe mode and got rid of the remaining spyware, but when I started my computer up I still got a few bs spyguard messages in my system tray.
Light Fantastic
02-23-2006, 12:04 PM
OK, I was just suspicious because it used a different process id than the normal one for that soundcard. Maybe it is the trojan and I'll find your soundcard later in the list.
But yeah, there's definitely a few trojans and dialers so far.
REINER
02-23-2006, 12:07 PM
Just backup important stuff and reformat. It'll be easier and probably better for your PC.
Light Fantastic
02-23-2006, 12:50 PM
I would agree with REINER because there are some trojans and stuff here and I can't promise they definitely won't come back, but if you want the list of what to do anyway:
The first thing you should do is unzip hijackthis into its own folder before running it, i.e. not from temp, so it can make backups and stuff.
Then get cwshredder from here:
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
and do a scan and let it remove anything it might find.
Next, run another scan in hijackthis and check the following stuff if you find them still there:
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [msnappau] "F:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [ASDPLUGIN] "F:\WINDOWS\System32\canada.exe " -N
O4 - HKCU\..\Run: [mspmsp] "F:\WINDOWS\System32\mspmsp.exe"
O4 - HKCU\..\Run: [dpcdll] "F:\WINDOWS\System32\dpcdll.exe"
O4 - HKCU\..\Run: [BestPopUpKiller] "F:\Program Files\BestPopUpKiller\BestPopupKiller.exe " /startup
O4 - HKCU\..\Run: [PowerBar] "F:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O23 - Service: ISEXEng - Unknown owner - F:\WINDOWS\System32\angelex.exe (file missing)
Also if you want you can check these; it's mostly unnecessary stuff, so it's up to you:
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
This is stuff like viewpoint media player that gets installed with AIM, get rid of it if you don't use it.
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
That's the quicktime tray icon - serves no real purpose.
O4 - HKCU\..\Run: [SpyKiller] "F:\Program Files\SpyKiller\spykiller.exe " /startup
That's supposedly a spyware removal program. I don't know if you downloaded it, but its designers' motives are questionable. There are better alternatives anyway.
O4 - Startup: Xfire.lnk = F:\Program Files\Xfire\Xfire.exe
Check the box if you don't use your soundcard control panel in the system tray.
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
It's the quick loader for Office, but it steals resources and there's no difference in loading time apparently.
You have Ares Lite, but still have regular Ares, so uninstall that unless you need it for some reason.
Then reboot into safe mode and delete these files if they still exist:
F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
F:\WINDOWS\System32\canada.exe
F:\WINDOWS\System32\mspmsp.exe
F:\WINDOWS\System32\dpcdll.exe
F:\Program Files\BestPopUpKiller\BestPopupKiller.exe
F:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
F:\WINDOWS\System32\angelex.exe
And get a better antivirus, Norton clearly isn't doing a good job.
As a sort of side point:
Is it you personally that uses the proxyway software?
I'd recommend you switch to tor (http://tor.eff.org/) if you care about anonymity on the internets.
>_>
Edit: oh yeah, post another hjt log to make sure it's clean.
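The triage Light Fantastic did by hand above (spot entries whose file is missing, auto-start items living in System32 under odd names, services with no publisher, a proxy setting nobody remembers configuring) can be mechanised. The following is an added example, not code from the thread, from HijackThis or from any of the tools mentioned; it parses HijackThis-format lines and returns findings with a severity and the reasons that fired. The sample input is a handful of lines copied from the log posted in this thread, and the heuristics are my own choice of a defender's first-pass checks, not an authoritative list.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the HijackThis log posted in
# this thread, mixing clearly benign entries with the ones the reply flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.121.22.24:4282
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: winapi32.MyBHO - {41DD58D5-6692-433F-AE6C-64E157A496C4} - F:\WINDOWS\System32\winapi32.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O4 - HKLM\..\Run: [ASDPLUGIN] "F:\WINDOWS\System32\canada.exe " -N
O4 - HKLM\..\Run: [yxeruw] "f:\windows\system32\edocnvp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: ISEXEng - Unknown owner - F:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in a loadable module; stops at a closing quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)

SEVERITY_RANK = {"review": 1, "suspect": 2}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)
    severity: str = "review"

    def add(self, severity, reason):
        """Record a reason and raise the finding's severity if this one is higher."""
        self.reasons.append(reason)
        if SEVERITY_RANK[severity] > SEVERITY_RANK[self.severity]:
            self.severity = severity


def extract_path(body):
    """Return the first module path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def check_entry(section, body):
    """Apply the heuristics to one entry; return a Finding or None if nothing fired."""
    f = Finding(section, body)
    lowered = body.lower()
    if "(file missing)" in lowered or "(no file)" in lowered:
        f.add("suspect", "points at a file that no longer exists: leftover or half-removed auto-start entry")
    if section == "R1" and "proxyserver" in lowered:
        f.add("review", "browser traffic is routed through a proxy; confirm the address is one you configured")
    if section == "O23" and "unknown owner" in lowered:
        f.add("review", "service has no publisher string; check where the binary came from")
    path = extract_path(body)
    if path and section in ("O2", "O4") and "\\system32\\" in path.lower():
        f.add("review", "auto-start component loads from the Windows system directory; verify it is a known, signed file")
    return f if f.reasons else None


def triage_log(text):
    """Parse a whole HijackThis log and return the entries that need a look."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, the process list and blanks are skipped
        f = check_entry(m.group("section"), m.group("body"))
        if f:
            findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {"suspect": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.section} - {f.line}")
        for r in f.reasons:
            print("    -", r)
    print(summarize(results))
```

Run against the sample, the two "suspect" hits are the orphaned O3 toolbar and the ISEXEng service (missing file plus no publisher), and the "review" hits are the proxy setting and the three System32 auto-starts; the Adobe BHO and the Apple entries pass clean. The point of the "review" tier is that a path under System32 is not evidence by itself (ctfmon.exe and sistray.EXE in the full log are legitimate), so the output tells you what to verify rather than what to delete.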
StrangelyBrewed13
02-23-2006, 12:51 PM
that sucks
Who's the Boss?
02-23-2006, 01:57 PM
As a sort of side point:
Is it you personally that uses the proxyway software?
I'd recommend you switch to tor (http://tor.eff.org/) if you care about anonymity on the internets.
>_>
haha no I thought it was just another stupid thing like powerbar or whatever that was downloaded. (useless adware) You probably weren't around when Zero posted all my accounts, I don't even try to be anonymous :lol:
Thanks for all the help. :chug: I'll probably reformat.
The End
02-23-2006, 02:05 PM
reiner your avatar is absolutely massive
The Musician
02-23-2006, 10:30 PM
reiner your avatar is absolutely massive
I think he's over compensating for something.
<_<
>_>
dazmo
02-23-2006, 10:57 PM
http://www.infopackets.com/channels/en/windows/gazette/2006/20060211_remove_spyfalcon_removal_instructions.htm this is for spy falcon, maybe this might help :confused:
So for the last hour I've been trying to rid my computer of spyware from.... a spyware remover.
I tried Ad-Aware SE but it didn't work. It keeps giving me official looking system messages (warning in the system tray) about how I should download spy guard because people are attempting to steal my credit card numbers and such. Also every couple of minutes it loads a "Your system is infected! Download spyguard now!" as my desktop image...
Anyone know how I can get this **** off my computer?
Is it the SpyFalcon thing?
dazmo
02-24-2006, 01:40 AM
Is it the SpyFalcon thing?
He said it was spyguard or something, but the link for the SpyFalcon removal is above ^^
PepsiMetal
02-24-2006, 01:48 AM
Lol, you got a crapload of spyware and dialers. You should just format or post your log at http://forums.spywareinfo.com/index.php? and they'll help you clean it up.
bradc1988
02-24-2006, 02:01 AM
Try NoAdware4, it got rid of all the crap on my computer. There's a crack for it at crackDB.com.
DaveTheAmazing 2.0
02-24-2006, 02:04 AM
You certainly know your stuff, Mr Fantastic
JohnXDoe
02-24-2006, 03:45 AM
You can also post a HijackThis! log file here and it will tell you everything you need to know in a matter of seconds:
http://www.hijackthis.de/index.php#anl
HazMan
02-24-2006, 03:54 AM
Formatting is king, trust Reiner on this. My computer is running so much faster now that I did it.
Labouski
02-24-2006, 08:58 AM
try Spybot - Search & Destroy
bobby__johnny
02-24-2006, 03:49 PM
Question,
Do you know about/use anything called Realtek AC97 Audio Sound Manager?
It can be disabled either way without difference, but I think it might be a trojan.
That's your onboard sound control for your mobo.
Realtek makes just about all the onboard LAN and audio for any new motherboard.
Light Fantastic
02-24-2006, 05:34 PM
I know but malware has been known to masquerade as other programs, you know. :)