Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - nicetruk

Pages: [1]

Tech Clinic / Got hijacked

« on: January 05, 2006, 09:26:10 PM »

Guestolo:
Everything looks great...
Thank you again for all you time and effort.
I'll try to keep scanning after any downloads and at each startup.

Keep fighting the good fight.

nice

Tech Clinic / Got hijacked

« on: January 03, 2006, 07:38:47 PM »

find.bat attached:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="NT Authority\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Tech Clinic / Got hijacked

« on: January 02, 2006, 07:17:37 PM »

Sorry: I can't find Security Center in services.msc...
Here is the exported list... not there...

Name   Description   Status     Startup Type   Log On As
Alerter   Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local Service
Application Layer Gateway Service   Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.   Started   Manual   Local Service
Application Management   Provides software installation services such as Assign, Publish, and Remove.      Manual   Local System
Automatic Updates   Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.   Started   Automatic   Local System
Background Intelligent Transfer Service   Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.   Started   Automatic   Local System
ClipBook   Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.      Disabled   Local System
COM+ Event System   Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Manual   Local System
COM+ System Application   Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
Computer Browser   Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.      Automatic   Local System
Cryptographic Services   Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
DCOM Server Process Launcher   Provides launch functionality for DCOM services.   Started   Automatic   Local System
DHCP Client   Manages network configuration by registering and updating IP addresses and DNS names.   Started   Automatic   Local System
Distributed Link Tracking Client   Maintains links between NTFS files within a computer or across computers in a network domain.   Started   Automatic   Local System
Distributed Transaction Coordinator   Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.       Manual   Network Service
DNS Client   Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Network Service
Error Reporting Service   Allows error reporting for services and applictions running in non-standard environments.   Started   Automatic   Local System
Event Log   Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.   Started   Automatic   Local System
ewido security suite control      Started   Automatic   Local System
ewido security suite guard         Automatic   Local System
Fast User Switching Compatibility   Provides management for applications that require assistance in a multiple user environment.   Started   Manual   Local System
Help and Support   Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
HID Input Service   Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
HTTP SSL   This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
IMAPI CD-Burning COM Service   Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
Indexing Service   Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.      Manual   Local System
InstallDriver Table Manager   Provides support for the Running Object Table for InstallShield Drivers      Manual   Local System
IPSEC Services   Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.   Started   Automatic   Local System
Logical Disk Manager   Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
Logical Disk Manager Administrative Service   Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.      Manual   Local System
Machine Debug Manager   Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.   Started   Automatic   Local System
Messenger   Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.      Disabled   Local System
MS Software Shadow Copy Provider   Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
MxLcdLib      Started   Automatic   Local System
MxSndLib      Started   Automatic   Local System
Net Logon   Supports pass-through authentication of account logon events for computers in a domain.      Manual   Local System
NetMeeting Remote Desktop Sharing   Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
Network Connections   Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.   Started   Manual   Local System
Network DDE   Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Disabled   Local System
Network DDE DSDM   Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.       Disabled   Local System
Network Location Awareness (NLA)   Collects and stores network configuration and location information, and notifies applications when this information changes.   Started   Manual   Local System
Network Provisioning Service   Manages XML configuration files on a domain basis for automatic network provisioning.      Manual   Local System
NT LM Security Support Provider   Provides security to remote procedure call (RPC) programs that use transports other than named pipes.      Manual   Local System
NVIDIA Driver Helper Service      Started   Automatic   Local System
Office Source Engine   Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.      Manual   Local System
PC Tools Spyware Doctor         Automatic   Local System
Performance Logs and Alerts   Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Network Service
Plug and Play   Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.   Started   Automatic   Local System
Pml Driver      Started   Manual   Local System
Portable Media Serial Number Service   Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.      Manual   Local System
Print Spooler   Loads files to memory for later printing.   Started   Automatic   Local System
Protected Storage   Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.   Started   Automatic   Local System
QoS RSVP   Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.      Manual   Local System
Remote Access Auto Connection Manager   Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.      Manual   Local System
Remote Access Connection Manager   Creates a network connection.   Started   Manual   Local System
Remote Desktop Help Session Manager   Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.      Manual   Local System
Remote Procedure Call (RPC)   Provides the endpoint mapper and other miscellaneous RPC services.   Started   Automatic   Network Service
Remote Procedure Call (RPC) Locator   Manages the RPC name service database.      Manual   Network Service
Removable Storage         Manual   Local System
Routing and Remote Access   Offers routing services to businesses in local area and wide area network environments.      Disabled   Local System
Secondary Logon   Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
Security Accounts Manager   Stores security information for local user accounts.   Started   Automatic   Local System
Server   Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
Shell Hardware Detection      Started   Automatic   Local System
Smart Card   Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local Service
Sony SPTI Service         Manual   Local System
SonyMxTimer      Started   Automatic   Local System
SSDP Discovery Service   Enables discovery of UPnP devices on your home network.   Started   Manual   Local Service
StarWind iSCSI Service   Enables network access to local devices via iSCSI protocol.   Started   Automatic   Local System
StyleXPService      Started   Automatic   Local System
System Event Notification   Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.   Started   Automatic   Local System
System Restore Service   Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties   Started   Automatic   Local System
Task Scheduler   Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
TCP/IP NetBIOS Helper   Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.   Started   Automatic   Local Service
Telephony   Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.   Started   Manual   Local System
Terminal Services   Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.   Started   Manual   Local System
Themes   Provides user experience theme management.   Started   Automatic   Local System
Trend Micro Central Control Component   Manages the Trend Micro PC-cillin components.   Started   Automatic   Local System
Trend Micro Personal Firewall   Manages the Trend Micro Personal Firewall.   Started   Automatic   Local System
Trend Micro Proxy Service   Manages the Trend Micro Proxy.   Started   Automatic   Local System
Trend Micro Real-time Service   Enables scanning in real time.   Started   Automatic   Local System
Uninterruptible Power Supply   Manages an uninterruptible power supply (UPS) connected to the computer.      Manual   Local System
Universal Plug and Play Device Host   Provides support to host Universal Plug and Play devices.      Manual   Local Service
Volume Shadow Copy   Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
WebClient   Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local Service
Windows Audio   Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
Windows Firewall/Internet Connection Sharing (ICS)   Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.   Started   Automatic   Local System
Windows Image Acquisition (WIA)   Provides image acquisition services for scanners and cameras.   Started   Automatic   Local System
Windows Installer   Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.      Manual   Local System
Windows Management Instrumentation   Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System
Windows Time   Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Started   Automatic   Local System
Windows User Mode Driver Framework   Enables Windows user mode drivers.   Started   Automatic   Local Service
Wireless Zero Configuration   Provides automatic configuration for the 802.11 adapters   Started   Automatic   Local System
WMI Performance Adapter   Provides performance library information from WMI HiPerf providers.      Manual   Local System
Workstation   Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.   Started   Automatic   Local System

Tech Clinic / Got hijacked

« on: January 01, 2006, 09:23:17 PM »

guestolo:

here is the only smitfiles.txt I have:

~~~ Upon reboot ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!

~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!

~~~~ Rechecking C:\windows\system32\wininet.dll for infection ~~~~

~~~~ C:\windows\system32\wininet.dll Clean!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> ~~~~

here is the new hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:07:30 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\EXPLORER.EXE
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\system32\hpoipm07.exe
C:\windows\system32\HPHipm09.exe
C:\windows\system32\wuauclt.exe
D:\hijack files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

I went to the windows security center, but was unable to check the Change the way Security Center alerts me.
The message said that I have not started security center...
I did go to the individual items of firewall, internet security and automatic updates... Made sure that all were proper...

Tech Clinic / Got hijacked

« on: December 31, 2005, 10:02:30 PM »

guestolo:

Here is the Smitfiles.txt,
The Ewido report and
a new hijackthis log...

From what I can tell, it seems to have cleared-up everything...
Thanks for the assist.

Any more suggestions or recommended donation spots...I'm in...
thanks again
Jeff

~~~ Upon reboot ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!

~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!

~~~~ Rechecking C:\windows\system32\wininet.dll for infection ~~~~

~~~~ C:\windows\system32\wininet.dll Clean!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> ~~~~

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         5:47:50 PM, 12/31/2005
+ Report-Checksum:      2118F36D

+ Scan result:

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
   HKU\S-1-5-21-839522115-1454471165-682003330-1004\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
   HKU\S-1-5-21-839522115-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
   C:\!KillBox\MM4.EXE -> Proxy.Delf.an : Cleaned with backup
   C:\!KillBox\services.exe -> Downloader.CWS.r : Cleaned with backup
   C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
   C:\WINDOWS\system32\saie321.dll -> Adware.eZula : Cleaned with backup
   C:\WINDOWS\system32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
   C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
   C:\WINDOWS\tool1.exe -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
   C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
   C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
   C:\WINDOWS\ms1.exe -> Downloader.Tiny.al : Cleaned with backup
   C:\WINDOWS\inet20003\services.exe -> Downloader.CWS.r : Cleaned with backup
   C:\Program Files\Common Files\rrlljdjn\tpahpnap\nbltdnej.exe -> Adware.Gator : Cleaned with backup
   C:\Program Files\Common Files\rrlljdjn\rlfhnfntna\fdlrdnlfp.exe -> Adware.Gator : Cleaned with backup
   C:\Program Files\themexp\Themexp.org File\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
   C:\Program Files\themexp\Themexp.org File\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP306\A0092593.exe -> Proxy.Delf.an : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092918.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092922.EXE -> Proxy.Delf.an : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092923.exe -> Worm.Delf.i : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092941.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092945.EXE -> Proxy.Delf.an : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092946.exe -> Downloader.CWS.r : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092948.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
   C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092981.dll -> Spyware.Ihbo : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 8:47:58 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\windows\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\system32\hpoipm07.exe
C:\windows\system32\HPHipm09.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Jeff Harris\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

got the link from your last post...
sent a little package via paypal

Tech Clinic / Got hijacked

« on: December 31, 2005, 04:35:11 PM »

Done...
Here is the new logfile.
thanks

Logfile of HijackThis v1.99.1
Scan saved at 3:32:50 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\WINDOWS\inet20005\services.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SMSS.EXE
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\WINDOWS\INET20005\MM4.EXE
C:\windows\system32\hpoipm07.exe
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\windows\system32\HPHipm09.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeff Harris\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20005\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Tech Clinic / Got hijacked

« on: December 31, 2005, 11:45:53 AM »

I think I got hit by the spy sheriff.
Thought I could get all out by myself...
I was wrong...
Need some real help...

The last two issues that I can't seem to fix are:
I keep getting the startup error for C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
And; My internet explorer won't keep my home page...It keeps loading as http:///

That's all I can find...
thanks
Jeff

Logfile of HijackThis v1.99.1
Scan saved at 10:39:35 AM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\WINDOWS\inet20005\services.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SMSS.EXE
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\system32\hpoipm07.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\INET20005\MM4.EXE
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\windows\system32\HPHipm09.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Jeff Harris\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20005\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKLM\..\Run: [ErrorDoctor] C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531
O18 - Protocol: bw+0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - nicetruk

Tech Clinic / Got hijacked

Tech Clinic / Got hijacked

Tech Clinic / Got hijacked

Tech Clinic / Got hijacked

Tech Clinic / Got hijacked

Tech Clinic / Got hijacked

Tech Clinic / Got hijacked