Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spyware Strike Infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Spyware Strike Infection

Unread postby Belnab » January 24th, 2006, 10:47 am

Hello,

I've recently been infected by the Spyware Strike 2.5. The Spyware Strike seems to be very annoying malware and the removal of it seems to be a hard job. I've followed few different instructions to remove it. Using the smitRem, ewido, Ad-Aware etc haven't helped me so far. I'm starting to get desperate with Spyware Strike, so here is my HJT, Panda activescan and smitRem logs. Hope you can help me to find solution to this problem and remove the Spyware Strike.

Logfile of HijackThis v1.99.1
Scan saved at 16:40:30, on 24.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ewido anti-malware\ewidoctrl.exe
D:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Logi_MwX.Exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Outpost Firewall] D:\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: bw+0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: D:\OUTPOS~1\wl_hook.dll D:\OUTPOS~1\wl_hook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Panda Activescan log:
Incident Status Location

Adware:adware/securityerror Not disinfected C:\WINDOWS\SYSTEM32\ot.ico
Potentially unwanted tool:application/spywarestrike Not disinfected C:\PROGRAM FILES\SpywareStrike
Adware:adware/antivirus-gold Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.gostats.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-66c622a1.zip[InstallerApplet.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Walloittaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\Cache\3EFBEAA3d01[Process.exe]
Adware:Adware/SpywareStrike Not disinfected C:\Program Files\SpywareStrike\uninst.exe
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00054754.MOZ[]
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00054777.exe
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00054914.exe
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00055078.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00055086.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00055089.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055095.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055110.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055111.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055112.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055113.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055229.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055237.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055238.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055244.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055245.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055246.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055263.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055296.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055297.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055298.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055305.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055500.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055529.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055530.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055532.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055542.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055543.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055544.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055546.MOZ[]
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00055576.exe
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00055686.exe
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055713.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055715.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055719.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055730.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055972.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055973.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055992.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055993.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055994.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055995.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00056018.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00056037.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056041.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056068.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056080.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056081.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056083.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056110.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056121.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056135.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056144.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056145.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056146.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056147.MOZ[]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00056148.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056149.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056150.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056151.MOZ[]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00056152.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056153.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056295.MOZ[]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00056296.MOZ[]
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00056310.exe
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00056327.MOZ[]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00056328.MOZ[]
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00056340.exe
Adware:Adware/SpywareStrike Not disinfected C:\RECYCLER\NPROTECT\00056430.exe
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056547.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056557.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056733.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056735.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056736.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056743.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056749.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056750.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056751.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056752.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056754.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056755.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056756.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056757.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056758.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056759.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056760.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056761.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056762.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056765.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056770.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056785.MOZ[]
Spyware:Cookie/Doubleclick Not disinfected D:\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000633.asw
Potentially unwanted tool:Application/Processor Not disinfected D:\smitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\smitRem(2).exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\smitRem.exe[Process.exe]

And finally smitRem log:
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: ti 24.01.2006
The current time is: 15:24:10,56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SpywareStrike © by noahdfear

SpywareStrike directory present

SpywareStrike uninstaller present

Starting spystri uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~
Belnab
Active Member
 
Posts: 6
Joined: January 24th, 2006, 10:38 am
Advertisement
Register to Remove

Unread postby Belnab » January 24th, 2006, 10:50 am

As it seems the message is getting too long and whole smitRem log cant be included in the first post; here is the complete log of smitRem:
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: ti 24.01.2006
The current time is: 15:24:10,56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SpywareStrike © by noahdfear

SpywareStrike directory present

SpywareStrike uninstaller present

Starting spystri uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'explorer.exe'
Killing PID 780 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

wininet.dll is missing!!
Belnab
Active Member
 
Posts: 6
Joined: January 24th, 2006, 10:38 am

Unread postby amateur » January 24th, 2006, 3:48 pm

Hi Belnab, :D

Welcome to MR. Please folow the instructions on this blog posted by Nick (one of our teachers.)

http://malwareremoval.com/plog/index.ph ... 8&blogId=3

Post back with a fresh HJT log after doing that please.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Belnab » January 25th, 2006, 2:28 am

Morning,

Now I've done as was instructed in Nick's instructions. Here is the HJT log after rebooting back to normal mode from Safe mode. I've HJT log from Safe mode left and also Ewido & smitRem logs, if they are needed at any point. Hope this HJT log helps:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:08, on 25.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ewido anti-malware\ewidoctrl.exe
D:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Logi_MwX.Exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Outpost Firewall] D:\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: bw+0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: D:\OUTPOS~1\wl_hook.dll D:\OUTPOS~1\wl_hook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Even after doing as was instructed Spyware Strike seems to be working as before. Hope you can help me to get rid of it.
Belnab
Active Member
 
Posts: 6
Joined: January 24th, 2006, 10:38 am

Unread postby amateur » January 25th, 2006, 10:17 am

Hi Belnab, :D

Thanks for the log. :) I would like you to read the following quotation and make a decision about Logitech Desktop Messenger.

What is Backweb and what is the Logitech Desktop Messenger? Answer

With millions of people buying Logitech products through retail dealers and worldwide distributors, Logitech wanted to establish a direct relationship with our customers and improve our after-sales customer experience. By ensuring that our customers receive critical content such as notice of software upgrades, patches, and product promotions in a seamless, timely and cost-effective manner, Logitech is able to provide a high level of customer satisfaction with our products. We accomplish this using BackWeb's Proactive technology and patented Polite® communications technology, which avoids disrupting you by downloading content in the background during network idle time. We only retrieve information about your Logitech devices; no other information is uploaded to our servers or any other internet servers.

If you want to remove this feature, simply remove "Logitech Desktop Messenger" from Add/Remove programs in the control panel. I'll include the associated entries in the HijackThis fix in purple.

First we'll need to disable real-time scanners so that they will not interfere with the fix.

First of all, I see Norton Scriptblocking service present.

* Disable the Script Blocking Service:
" To open Services, click Start, point to Settings, and then click Control Panel. Double-click Administrative Tools, and then double-click Services.
" Find ScriptBlocking services, Right-click the service, and then click and then click Properties. On the General tab, under Startup, click Disabled.
" Under Service Status, click Stop button. Click Apply button.
* Disable the Script Blocking In Norton Settings:
" Start Norton Antivirus.
" Click Options. If a menu appears when you click Options, then click Norton Antivirus. The Norton Antivirus Options dialog box appears.
" Click Script Blocking.
" Uncheck Enable Script Blocking (recommended).
" Click OK

Disable Ewido guard

1. Open Ewido by double-clicking the yellow 'E' icon in the system tray.
2. In the 'Your security status' section, toggle the Ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
3. When you reboot, Ewido will prompt you as to whether you would like to "Restart the guard?".
4. Reply 'no' and set it to 'inactive' for the duration of your cleanup.

You need to turn off the NProtect service. All it is doing is keeping files around that should have been removed.
To disable it:

Click Start> Run> Type in Services.msc and Click OK!

Scroll down that list and locate Norton Unerase Protection

Right Click that entry and Select Properties> Click Stop> Go up and Change the "Startup Type" to "Disabled"

You can reenable them afterwards when everything is clean again.

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Look in here for more information.

Next scan with HijackThis and put a checkmark against the following entries:

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O18 - Protocol: bw+0 - {EDBC10E2-6567-4706-AEA1-EE90C4B96B0D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll <----------------------- Please put a chekmark against all the 018 entries for Logitech Desktop Messenger


Close all other windows/applications, except HijackThis, and click on "Fix checked". Exit HijackThis, but stay in Safe Mode.

Using Windows Explorer, navigate and delete the following folders in bold:

C:\Program Files\Logitech\Desktop Messenger
C:\Program Files\SpywareStrike

Still in Safe Mode, we'll do a little clean up now:

To clean temporary files:

1. Go > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Prefetch Folder

Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

Empty the Norton Protected Recycle Bin.

While still in Safe Mode, scan with Ewido.

Restart your computer in Normal Mode. Save the report.

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Run HijackThis again and save the log.

Post the new HijackThis log, Ewido log and the Panda scan results in your next reply
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Belnab » January 25th, 2006, 1:52 pm

Okey, done as you instructed. Atm the "error report" from the right corner has dissapered! Seems we are near to beat the Spyware Strike. Here's the logs of HJT, Ewido and Panda:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:17:38, 25.1.2006
+ Report-Checksum: D6235A38

+ Scan result:

[780] C:\WINDOWS\system32\replmap.dll -> Not-A-Virus.Hoax.Win32.Renos.v : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.15:C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\RECYCLER\NPROTECT\00054776.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00054777.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00054913.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00054914.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055575.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055576.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055577.REF -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055578.ini -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055588.EXE -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055683.REF -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055684.EXE -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055685.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055686.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00055687.ini -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056309.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056310.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056311.REF -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056312.ini -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056321.EXE -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056337.REF -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056338.EXE -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056339.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056340.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056341.ini -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056429.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056430.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056431.REF -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056432.ini -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00056443.EXE -> Adware.SpywareStrike : Cleaned without backup
:mozilla.9:C:\RECYCLER\NPROTECT\00057639.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.8:C:\RECYCLER\NPROTECT\00057641.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.8:C:\RECYCLER\NPROTECT\00057647.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00057648.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.13:C:\RECYCLER\NPROTECT\00057649.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.13:C:\RECYCLER\NPROTECT\00057650.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.13:C:\RECYCLER\NPROTECT\00057651.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.13:C:\RECYCLER\NPROTECT\00057654.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.14:C:\RECYCLER\NPROTECT\00057655.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.14:C:\RECYCLER\NPROTECT\00057657.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\RECYCLER\NPROTECT\00057692.URL -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00057693.exe -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00057694.REF -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00057695.ini -> Adware.SpywareStrike : Cleaned without backup
C:\RECYCLER\NPROTECT\00057707.EXE -> Adware.SpywareStrike : Cleaned without backup
:mozilla.14:C:\RECYCLER\NPROTECT\00057720.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.6:C:\RECYCLER\NPROTECT\00057721.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.17:C:\RECYCLER\NPROTECT\00057721.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.7:C:\RECYCLER\NPROTECT\00057725.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.17:C:\RECYCLER\NPROTECT\00057725.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.6:C:\RECYCLER\NPROTECT\00057731.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.6:C:\RECYCLER\NPROTECT\00057732.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.8:C:\RECYCLER\NPROTECT\00057732.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.6:C:\RECYCLER\NPROTECT\00057734.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.8:C:\RECYCLER\NPROTECT\00057734.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.7:C:\RECYCLER\NPROTECT\00057736.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.9:C:\RECYCLER\NPROTECT\00057736.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.8:C:\RECYCLER\NPROTECT\00057737.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00057737.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.9:C:\RECYCLER\NPROTECT\00057739.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.11:C:\RECYCLER\NPROTECT\00057739.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.9:C:\RECYCLER\NPROTECT\00057941.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.11:C:\RECYCLER\NPROTECT\00057941.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00057942.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00057942.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00057943.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00057943.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00057944.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00057944.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00057949.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00057949.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00058074.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00058074.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00058075.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00058075.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00058076.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00058076.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.10:C:\RECYCLER\NPROTECT\00058088.MOZ -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\RECYCLER\NPROTECT\00058088.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\WINDOWS\system32\ldE32C.tmp -> Downloader.Zlob.fe : Cleaned without backup
C:\WINDOWS\system32\replmap.dll -> Not-A-Virus.Hoax.Win32.Renos.v : Cleaned without backup
D:\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000064a.asw -> Spyware.Cookie.Doubleclick : Cleaned without backup
D:\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000654.asw -> Spyware.Cookie.Doubleclick : Cleaned without backup


::Report End

HJT & Panda logs will be at next post, since they can't fit in this one.
Last edited by Belnab on January 25th, 2006, 1:57 pm, edited 1 time in total.
Belnab
Active Member
 
Posts: 6
Joined: January 24th, 2006, 10:38 am

Unread postby Belnab » January 25th, 2006, 1:53 pm

And here is the HJT log as last post got full:
Logfile of HijackThis v1.99.1
Scan saved at 19:48:52, on 25.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ewido anti-malware\ewidoctrl.exe
D:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Logi_MwX.Exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
D:\Winamp\winamp.exe
D:\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Outpost Firewall] D:\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [THGuard] D:\TrojanHunter 4.2\THGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: D:\OUTPOS~1\wl_hook.dll D:\OUTPOS~1\wl_hook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

And here lies the Panda log:

Incident Status Location

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Walloittaja\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Walloittaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\Cache\3EFBEAA3d01[Process.exe]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00054754.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00055078.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00055086.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00055089.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055095.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055110.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055111.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055112.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055113.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055229.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055237.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055238.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055244.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055245.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055246.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055263.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055296.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055297.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055298.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055305.MOZ[]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\NPROTECT\00055500.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055529.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055530.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055532.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055542.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055543.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055544.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055546.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055713.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055715.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055719.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055730.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055972.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00055973.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055992.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055993.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055994.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00055995.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00056018.MOZ[]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00056037.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056041.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056068.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056080.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056081.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056083.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056110.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056121.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056135.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056144.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056145.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056146.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056147.MOZ[]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00056148.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056149.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056150.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056151.MOZ[]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00056152.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056153.MOZ[]
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00056295.MOZ[]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00056296.MOZ[]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00056327.MOZ[]
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\NPROTECT\00056328.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056547.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056557.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056733.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056735.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056736.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056743.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056749.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056750.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056751.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056752.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056754.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056755.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056756.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056757.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056758.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056759.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056760.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056761.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056762.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056765.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056770.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056785.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056787.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056800.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056804.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056805.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056929.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056933.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056934.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00056936.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057042.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057044.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057045.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057046.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057047.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057048.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057049.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057051.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057053.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057055.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057057.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057058.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057061.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057062.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057064.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057066.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057069.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057070.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057071.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057072.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057073.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057074.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057075.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057076.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057077.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057078.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057079.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057080.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057157.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057158.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057159.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057160.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057161.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057162.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057163.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057168.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057171.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057172.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057174.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057175.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057176.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057177.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057178.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057179.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057181.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057183.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057186.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057189.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057191.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057194.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057196.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057197.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057199.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057201.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057202.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057203.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057204.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057208.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057210.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057212.MOZ[]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00057214.MOZ[]
Belnab
Active Member
 
Posts: 6
Joined: January 24th, 2006, 10:38 am

Unread postby amateur » January 25th, 2006, 3:07 pm

Hi Belnab, :D

Thank you for the logs. I am going through them now. I'll post back in an hour or so.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby amateur » January 25th, 2006, 4:23 pm

Helllo again Belnab, :D

I have great news for you. :D The Spyware strike is OUT for good. The log is clean. :D You've done a good job. :thumbright: Just a little tidying up, then you are all set to go. Please let me know in a couple of days how your computer is running.

C:\Documents and Settings\Walloittaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default------ do you know this profile? If not, delete it please. If you do, then empty the contents of the following folder in bold:

C:\Documents and Settings\Walloittaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\lfre0qdm.default\Cache

Scan with HijackThis again and put a checkmark against the following entry. Somehow, it was left out.

O4 - Startup: PowerReg Scheduler.exe

Close all other windows and click on "fix checked". Exit HijackThis.

Ewido cleaned a lot of stuff. Most of the items in Panda report are in the Norton Protected Recycle Bin. In my opinion, it is a useless Norton "feature" that is keeping stuff you do not need around.

Please empty the Norton Protected Recycle Bin.

Please download ATF Cleaner by Atribune and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
It's a useful tool to use with Firefox and Opera browsers as well.
When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now that you are clean, or seem to be, please follow these simple steps in order to keep your computer clean and secure.

Re-enable the realtime scanners that we've disabled in the beginning of the fix.

A Note on Ewido: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days that is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

Remember to hide your system files again.

Start>My Computer>Tools>Folder Options>View
Under the Hidden files and Folders heading uncheck Show hidden files and folders.
check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
check the Hide file extensions for known file types.
Click OK.

Disable and Enable System Restore If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. Because Windows regularly sets restorepoints, it's very possible that the malware, you have removed, is still present in the System Restore. If you put Windows back to such a restorepoint, this malware will be put back, as well.

This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)
1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.
4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

Restart your computer in Normal Mode.

You can also find instructions on how to disable and re enable system restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got a antivirus, you can download and install one of the following free ones: Make sure that you have only ONE antivirus running on your computer as more than one would cause conflict and render the computer vulnerable.

AntiVir here
AVG Free here
Avast here

It is essential to keep the anti-virus program fully updated. New virus infections are being produced all the time, and unless the program downloads the latest 'definitions', it cannot protect you against the newer versions. If you want to check for updates manually I'd recommended doing so at least once a week. However, a better option is to set the program to download and install updates automatically every time you are connected to the Internet. The first time you use it, please set it to perform a full system scan.
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them allready):
AdAware here
Spybot here Remember to "immunize" after each update
Microsoft Antispyware here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall (Will be discontinued as from the end of 2005) here
Outposthere
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, f.e. Google Toolbar here: A popup-blocker prevents popup-windows from opening, when you come along a websites that uses them, during internet-surfing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
· Fraudulent claims or scams
· Offensive material
· Security vulnerabilities
· Spyware or Adware
· Spam related material
· or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, There are some sites that are only accessable with Internet Explorer, fe. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all time!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

And, finally, here is a link if you want to do something about internet security.
Happy and safe surfing. ;)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Belnab » January 25th, 2006, 4:46 pm

All I can say is: Thank you amateur! :)
I've now re-enanbled those scanners that were disabled, cleared system restore etc. I'll inform you if anything pops up in few days. And, if not I'll tell it. And about the lfre0qdm.default profile: It was unknown to me, so I deleted it. About the infection in 1st place, I think i got it due to not-up-to-date windows. And where, I think it was wmp's codec files, probably fake or something. I've found the combination of Outpost fw, Norton AV, Ad-aware and Mozilla Firefox as browser nice. This was the 1st infection (and hopefully last) that couldn't easily be removed. Once again, thanks alot. You've been great help to me.
Belnab
Active Member
 
Posts: 6
Joined: January 24th, 2006, 10:38 am

Unread postby amateur » January 25th, 2006, 4:49 pm

You're very welcome. :D
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Nick-YF19 » February 5th, 2006, 11:45 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware