« previous next »
Pages: [1]

Author Topic: Check this log please!!!!  (Read 595 times)

Offline RexBlaze

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Check this log please!!!!
« on: November 10, 2005, 04:36:13 PM »
Can't get rid of these pop-ups.  My system was infected with allot of spyware, but i believe i got rid of most of it except these two frigin pop-ups.
Ran scans and everything, still dont know the problem.  Almost reinstalled my operating system; its driving me nuts.  I'm fairly new to this, any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 4:35:05 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Bit Lord 1.1\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A84E481-CE2B-4F97-8EBC-ED67E9E3F83B}: NameServer = 204.255.24.254,204.255.24.251
O18 - Protocol: bw+0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Check this log please!!!!
« Reply #1 on: November 12, 2005, 12:24:32 PM »
Sorry for the delay, if you still need a hand could you post a fresh hijackthis log please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline RexBlaze

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Check this log please!!!!
« Reply #2 on: November 12, 2005, 05:38:14 PM »
Logfile of HijackThis v1.99.1
Scan saved at 5:37:20 PM, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVComsX.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A84E481-CE2B-4F97-8EBC-ED67E9E3F83B}: NameServer = 204.255.24.254,204.255.24.251
O18 - Protocol: bw+0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks man, any help appreciated.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Check this log please!!!!
« Reply #3 on: November 12, 2005, 05:47:25 PM »
Right click an empty spot on the desktop and left click NEW>>Folder
A new folder will be placed on the desktop, name it BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Don't run a scan yet

Please print these instructions or  save them instructions to a Notepad file and save it to your Desktop for reference

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation

In safe mode
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Open Ad-Aware 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart back to Normal mode

Back in Windows
Post a fresh hijackthis log and the whole report from Ewido's
« Last Edit: November 13, 2005, 12:50:22 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline RexBlaze

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Check this log please!!!!
« Reply #4 on: November 15, 2005, 12:01:56 PM »
Logfile of HijackThis v1.99.1
Scan saved at 11:57:59 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A84E481-CE2B-4F97-8EBC-ED67E9E3F83B}: NameServer = 204.255.24.254,204.255.24.251
O18 - Protocol: bw+0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         11:41:51 AM, 11/15/2005
 + Report-Checksum:      32050F0B

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbuftn6b.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   C:\Program Files\Common Files\Download\freeprodtb.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\Download\mc-110-12-0000137.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\InetGet\mc-110-12-0000137.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup


::Report End
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Check this log please!!!!
« Reply #5 on: November 15, 2005, 09:28:11 PM »
Can you make sure that you downloaded, save and UNZIPPED to the BFU folder
both p2pnetwork.zip and bfu.zip
so you have p2pnetwork.bfu and bfu.exe extracted to the BFU folder

Next:
Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.

I need you too disable Microsoft AntiSpyware's realtime protections so it won't interfere with any of the next fixes we are trying
You can reenable this after we know you are clean
Open Microsoft AntiSpyware.
Click on Options>>> Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

It's important you do this in safe mode
So please reboot into safe mode

Once in safe mode
Double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode

Back in Windows
Can you post a fresh hijackthis log
Also, Post  the entire contents of the log.txt file in the aproposfix folder.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline RexBlaze

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Check this log please!!!!
« Reply #6 on: November 16, 2005, 09:51:42 AM »
Logfile of HijackThis v1.99.1
Scan saved at 9:49:10 AM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A84E481-CE2B-4F97-8EBC-ED67E9E3F83B}: NameServer = 204.255.24.254,204.255.24.251
O18 - Protocol: bw+0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9106A66D-2FE3-4BAB-A746-93400E12B6B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\Administrator\Desktop\aproposfix
 
************
 
Registry entries found:
 
[HKEY_LOCAL_MACHINE\Software\CzPhsAF9fMFD]
@=".5Kro\\uVWWVWWXWFdZx7jGdVWWVlYW1rwmx1\\WNTNO9HcbW8MDQ9MNW5G7KMJSTXNTN"
"Device"="\\\\.\\k40OcAl4"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\alcproxy.sys"
"DriverName"="TapIFSL"
"HideUninstallerName"="C:\\Program Files\\Movesync\\msordssp.exe"
"HDll"="C:\\WINDOWS\\system32\\fasbgeng.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.GH2"
"InstallationId"="{X4c994b1-c7b2-794e-4afc-b93c7858bc97}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Movesync\\tsbrcp.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\morextnt.exe"
"Version"="2.0.106"

 
************
 
Removing hidden service:
Service TapIFSL removed.
 
Removing hidden folder:



Hopfully it worked, thanks for your help.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Check this log please!!!!
« Reply #7 on: November 16, 2005, 10:55:36 PM »
That looks good
Can you do the following please

Some final cleanup
If everything is running better, please do the following
You should disable system restore>>>reboot>> and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2 as well

Let me know how everything's running please
« Last Edit: November 16, 2005, 10:56:07 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline RexBlaze

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Check this log please!!!!
« Reply #8 on: November 18, 2005, 10:46:13 AM »
Still have media.fastclick pop-ups!!!!!!!!
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Check this log please!!!!
« Reply #9 on: November 18, 2005, 05:01:47 PM »
Did you install>>Update>>Click the "Enable all protection" with SpywareBlaster
If not, do it now!

Afterwards, I take it this is happening in Firefox?
Open Firefox click on Tools>>Options>>Privacy
Clear Cache>>Cookies>>History
OK out of there

Close Firefox
Open CleanUp! and run it again

Reboot into safe mode
Run Apropos fix again

Reboot the computer back into Normal mode
Come back here and post a new hijackthis log
And the new log from Aproposfix.exe>>Log.txt
This time make sure you post back the WHOLE contents of Log.txt
You cut off the bottom of it last time

Do you still get the popups
If so is it random or a particular site that you visit?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »