Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help...Please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help...Please

Unread postby ksp683 » December 10th, 2006, 12:35 pm

Through many hours of fighting with my computer I have determined that it is a Trojan.Proxy.Agent.FP I can tell my internet is starting to slow down too. It has highjacked my browser disabling me to get to many help sites, such as AVG, or McAfee etc. I was able to run a HiJack This and got a logfile to provide some information to anyone willing to help me.
Here it is

Logfile of HijackThis v1.99.1
Scan saved at 8:05:43 PM, on 08/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\nofun\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\WINNT\system32\qmozom\csrss.exe
F3 - REG:win.ini: run=C:\WINNT\system32\qmozom\csrss.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C36F1E1A-424D-4EAA-9C06-E92C9E318E2D} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: csrss.lnk = ?
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: bw+0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\fp0203doe.dll (file missing)
O20 - Winlogon Notify: tuvwvvw - tuvwvvw.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\system32\mgabg.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)

Thank you in advance
Kevin
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm
Advertisement
Register to Remove

Unread postby Linkmaster » December 10th, 2006, 10:21 pm

Hi ksp683, Welcome to MalWare Removal !!

Download ComboFix to your Desktop

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Make sure you have Disconnected from the Internet !

Double click on combofix.exe
Follow the prompts

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall

When finished, it will produce a log for you

Reboot to Normal Mode

Post a fresh HijackThis log along with the ComboFix log here
(You may need to use several replies as the logs may be cut off)

Thank you !
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Thanks for replying

Unread postby ksp683 » December 10th, 2006, 11:39 pm

Alright well everything seemed to go ok and here are the scan results.

1) ComboFix

User - Sun 10/12/2006 21:12:11.23 Service Pack 4
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\User\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{ec061688-3f96-48c4-add7-93bf2e5af7cd}]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{7f06e139-b364-47bb-8fb2-f58b972036e3}]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{cdede052-a26d-4161-864c-96e6ad1aa903}]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{d038b17e-814a-42bd-9c4b-c2c3e47294f1}]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{de3af427-c3b2-4a4f-95be-744ce97f33a5}]

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *




(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\netstat.com
C:\WINNT\system32\taskkill.com


((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))


2006-12-10 21:18 <DIR> d-------- C:\WINNT\erdnt
2006-12-09 01:05 9,216 --a------ C:\WINNT\system32\drivers\pxscinst.dll
2006-12-09 01:05 7,424 --a------ C:\WINNT\system32\drivers\pxcom.sys
2006-12-09 01:05 6,656 --a------ C:\WINNT\system32\drivers\pxinst.dll
2006-12-09 01:05 273,664 --a------ C:\WINNT\system32\drivers\pxfsf.sys
2006-12-09 01:05 18,432 --a------ C:\WINNT\system32\drivers\pxtdi.sys
2006-12-09 01:05 13,568 --a------ C:\WINNT\system32\drivers\pxrd.sys
2006-12-09 01:05 101,376 --a------ C:\WINNT\system32\drivers\PxEmu.sys
2006-12-09 01:05 <DIR> d-------- C:\Documents and Settings\User\Application Data\Prevx
2006-12-09 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2006-12-09 00:50 <DIR> d-------- C:\Program Files\WinZip
2006-12-09 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2006-12-08 23:59 <DIR> d-------- C:\!KillBox
2006-12-08 14:56 <DIR> d-------- C:\nofun
2006-12-08 11:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\TrojanHunter
2006-12-08 11:26 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2006-12-08 01:26 51,072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys
2006-12-08 01:26 30,592 --a------ C:\WINNT\system32\drivers\ikhfile.sys
2006-12-08 01:26 <DIR> d-a------ C:\Program Files\Spyware Doctor
2006-12-08 01:26 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2006-12-08 01:02 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2006-12-08 01:01 <DIR> d-a------ C:\WINNT\Internet Logs
2006-12-08 00:55 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-07 21:08 <DIR> d-------- C:\Program Files\Innovatools
2006-12-07 20:29 57,344 --a------ C:\WINNT\system32\avsda.dll
2006-12-07 20:29 46,336 --a------ C:\WINNT\system32\drivers\avgntdd.sys
2006-12-07 20:29 11,904 --a------ C:\WINNT\system32\drivers\avgntmgr.sys
2006-12-07 20:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2006-12-05 22:09 249,856 --a------ C:\WINNT\system32\drone.exe
2006-12-05 21:46 84,744 --a------ C:\WINNT\system32\drivers\mfeavfk.sys
2006-12-05 21:46 37,800 --a------ C:\WINNT\system32\drivers\mfesmfk.sys
2006-12-05 21:46 33,896 --a------ C:\WINNT\system32\drivers\mfebopk.sys
2006-12-05 21:46 31,560 --a------ C:\WINNT\system32\drivers\mferkdk.sys
2006-12-05 21:46 161,768 --a------ C:\WINNT\system32\drivers\mfehidk.sys
2006-12-05 21:46 104,024 --a------ C:\WINNT\system32\drivers\Mpfp.sys
2006-12-05 21:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Avg7
2006-12-05 19:45 143,360 --a------ C:\WINNT\system32\dunzip32.dll
2006-11-29 09:11 122,880 --a------ C:\WINNT\system32\updater.exe
2006-11-27 00:32 33,824 --a------ C:\WINNT\system32\drivers\oreans32.sys
2006-11-27 00:19 638,976 --a------ C:\WINNT\system32\divx.dll
2006-11-27 00:19 524,288 --a------ C:\WINNT\system32\xvidcore.dll
2006-11-27 00:19 413,760 --a------ C:\WINNT\system32\mpg4c32.dll
2006-11-27 00:19 261,632 --a------ C:\WINNT\system32\mcdvd_32.dll
2006-11-27 00:19 139,264 --a------ C:\WINNT\system32\xvidvfw.dll
2006-11-27 00:19 1,700,352 --a------ C:\WINNT\system32\GdiPlus.dll
2006-11-27 00:19 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2006-11-26 20:04 <DIR> d--hs---- C:\WINNT\system32\qmozom
2006-11-15 03:03 <DIR> d-------- C:\82e99a1c03d3761b5a1eb1
2006-11-10 00:52 <DIR> d-------- C:\Program Files\John Deere American Farmer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-09 11:16 -------- d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2006-12-08 16:02 -------- d-------- C:\Program Files\Google
2006-12-08 00:55 -------- d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2006-12-05 22:09 23 --a------ C:\WINNT\system32\drivers\nwlnkcr.sys
2006-12-05 22:01 -------- d-------- C:\Program Files\Common Files\McAfee
2006-12-05 21:51 -------- d-------- C:\Program Files\SiteAdvisor
2006-12-05 21:33 -------- d---s---- C:\Documents and Settings\User\Application Data\Microsoft
2006-12-05 19:26 -------- d-------- C:\Documents and Settings\User\Application Data\SiteAdvisor
2006-11-27 00:19 -------- d-a------ C:\Program Files\Common Files
2006-11-23 17:31 -------- d-------- C:\Program Files\Java
2006-11-23 17:04 11520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
2006-11-22 21:43 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-13 12:50 71168 --a------ C:\WINNT\system32\LxrJD31s.exe
2006-11-13 12:50 69824 --a------ C:\WINNT\system32\drivers\LxrJD31d.sys
2006-11-13 12:50 61440 --a------ C:\WINNT\system32\LxrJD20Sat.dll
2006-11-13 12:50 249856 --a------ C:\WINNT\system32\LxrJD31.dll
2006-11-13 12:50 163840 --a------ C:\WINNT\system32\LxrJD31c.exe
2006-11-13 12:50 146432 --a------ C:\WINNT\system32\LxrJD31p.exe
2006-11-04 14:14 1245696 --a------ C:\WINNT\system32\msxml4.dll
2006-10-26 19:36 -------- d-------- C:\Documents and Settings\User\Application Data\McAfee
2006-10-15 10:33 -------- d-------- C:\Program Files\MSN Messenger
2006-10-13 17:58 28672 --a------ C:\WINNT\gscr.dll
2006-10-13 17:57 216064 --a------ C:\WINNT\iun3405.exe
2006-10-10 16:08 -------- d-------- C:\Program Files\LimeWire
2006-10-09 00:03 847689 ---hs---- C:\WINNT\system32\moppo.bak2
2006-10-05 13:36 843682 ---hs---- C:\WINNT\system32\moppo.bak1
2006-09-12 05:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-12 05:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Spyware Doctor"=""
"csrss"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe"
"McAfee Privacy Service"="C:\\Program Files\\McAfee\\MPS\\mps.exe -r"
"csrss"=""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.google.ca/"
"SubscribedURL"="http://www.google.ca/"
"FriendlyName"="Google"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,50,01,00,00,1f,00,00,00,80,00,00,00,76,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,10,03,00,00,15,01,00,00,e0,00,00,00,d6,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,c0,5c,93,70,0a,00,00,00,c0,08,b9,70,0a,bd,37,\
e4,77,c0,17,e4,77

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HPAiODevice.lnk"
"backup"="C:\\WINNT\\pss\\HPAiODevice.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\HPPSC7~1\\bin\\hpodev07.exe -DeviceID 1133887740"
"item"="HPAiODevice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobsync"
"hkey"="HKLM"
"command"="mobsync.exe /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\McQcTask.job

Completion time: Sun 2006-12-10 21:28:00.92
C:\ComboFix.txt ... 06-12-10 21:28
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

and here is the HighJack This Log

Unread postby ksp683 » December 10th, 2006, 11:40 pm

Logfile of HijackThis v1.99.1
Scan saved at 21:24, on 06-12-10
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\nofun\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C36F1E1A-424D-4EAA-9C06-E92C9E318E2D} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [combofix] C:\sUBs\combofix.cmd
O4 - HKLM\..\RunOnce: [combofix] C:\sUBs\combofix.cmd
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: csrss.lnk = ?
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: bw+0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: tuvwvvw - tuvwvvw.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\system32\mgabg.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

Unread postby Linkmaster » December 11th, 2006, 12:12 pm

Download MsnVirRem.exe© by skate_punk_21 to your desktop

First close any other programs you have running as this will require a reboot

Double click MsnVirRem.exe
Once open, click the button labelled Search and Destroy
<<Your computer will now be scanned for Infected Files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the REBOOT Button.
After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
A Message should popup from MsnVirRem if not, double click the program again and it will finish
Please Post the contents of C:\msnvirrem.log along with a fresh HijackThis log here
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby ksp683 » December 11th, 2006, 12:58 pm

MsnVirRem Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\User\Desktop
11/12/2006
10:33:47 AM

---Infection Files Found---
C:\WINNT\system32\drivers\csrss.exe

C:\WINNT\system32\qmozom\csrss.exe
C:\WINNT\system32\qmozom\csrss.ini
C:\Documents and Settings\User\Start Menu\Programs\Startup\csrss.lnk

Rebooting...
Fixing Registry Permissions...
Editing Registry...
Fixing Host File...
**Fix Complete!**




Logfile of HijackThis v1.99.1
Scan saved at 10:47:46 AM, on 11/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\nofun\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C36F1E1A-424D-4EAA-9C06-E92C9E318E2D} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: bw+0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: tuvwvvw - tuvwvvw.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\system32\mgabg.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)


Thank you for your help again! :)
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

Unread postby Linkmaster » December 11th, 2006, 1:37 pm

You are very Welcome ! We are close !

I want to see if a service is still active, if you can't find it don't worry about it just skip to #2

#1 Go to Start, Run, type in services.msc then hit OK
Find and Double click on : (if present)

Events Log and click on Stop in the Service Status section

In the Startup type section click the down arrow and select Disable
Select Apply and OK close services

Run HiJackThis
Click on "None of the above, just start the program" (if this pops up)
Now, click on the "Config" button (bottom right)
Click on "Misc Tools"
Then click on "Delete an NT Service" a window will pop up
Enter the below item into that field (copy and paste): (if present)

Event

Click ok.
It should pull up information about the service, when it asks if you want to reboot now click YES

#2 Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O18 - Protocol: bw+0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {30DD8853-FD3D-49B3-ADC6-059AE9AC3D9D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: tuvwvvw - tuvwvvw.dll (file missing)

O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)


Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

Post a fresh HijackThis log here
Let me know how your system is running now ??!!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Here are the latest results

Unread postby ksp683 » December 11th, 2006, 2:04 pm

Logfile of HijackThis v1.99.1
Scan saved at 12:01:31 PM, on 11/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINNT\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\nofun\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: (no name) - {C36F1E1A-424D-4EAA-9C06-E92C9E318E2D} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\system32\mgabg.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)



Thank you very much.
Kevin
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

protection...

Unread postby ksp683 » December 11th, 2006, 2:16 pm

So I have the McAfee Total Protection 2007 program and I was just wondering if I should load that onto my computer now.
And also my Windows media player has stopped working (get an internal error message) so will I have to uninstall that and put it back on?
And one last little problem...My add/remove programs window from the control panel is messed up. It just opens up blank. As a fix I had downloaded a Trial Program called Innovatools Add Remove Plus! but seeing as its a trial and I only have 10 days left what would a possible solution be?
If you have any answers it would be greatly appreciated. I know its kinda off topic
Kevin
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

Unread postby Linkmaster » December 11th, 2006, 3:32 pm

And one last little problem...My add/remove programs window from the control panel is messed up. It just opens up blank

You have no Icons in there ??

And also my Windows media player has stopped working (get an internal error message) so will I have to uninstall that and put it back on?

This may possibly be the cause and a uninstall/reinstall wouldn't hurt for Media Player. But lets wait till we are clean !

So I have the McAfee Total Protection 2007 program and I was just wondering if I should load that onto my computer now

A couple more things first :

Seems I missed a service:

Go to Start, Run, type in services.msc then hit OK
Find and Double click on : (if present)

Microsoft Windows Spool Service and click on Stop in the Service Status section

In the Startup type section click the down arrow and select Disable
Select Apply and OK close services

Run HiJackThis
Click on "None of the above, just start the program" (if this pops up)
Now, click on the "Config" button (bottom right)
Click on "Misc Tools"
Then click on "Delete an NT Service" a window will pop up
Enter the below item into that field (copy and paste): (if present)

Windows Spool Service

Click ok.

It should pull up information about the service, when it asks if you want to reboot now click NO

With HiJackThis still open
Click on the Config... button on the bottom right
Click on the Misc Tools tab
Click on Delete File on Reboot
Navigate to this file :

C:\WINNT\wdfmgr.exe

Double click on that file
HJT asks you if you want to reboot, Click YES

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log and the Kaspersky Virus Scan Log here

Thank You !! Let me know how your system is running now ?!?!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

a little snag

Unread postby ksp683 » December 11th, 2006, 5:05 pm

I can't seem to get the online check to work...a window pops up telling me a bunch of stuff then asks if i accept or decline
so I try pressing accept but nothing happens and when I press decline it just closes the window
I tried it in both Mozilla and Internet Expolorer
as for the add/remove programs thing...you are correct, no icons show up
Kevin
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

Unread postby ksp683 » December 11th, 2006, 9:45 pm

I could download the trial version probably and do it that way if you want. I'm busy for the rest of the night though...and I suppose depending on the time change you might be sleeping right now. lol
Later Gater
Kevin
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

Unread postby Linkmaster » December 12th, 2006, 9:49 am

Make sure your Popup Blocker is off !

Lets try this one :

Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first )
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report

Post a fresh HijackThis log and the Panda ActiveScan log here

Thank you !
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

of course...not gonna work

Unread postby ksp683 » December 12th, 2006, 11:33 am

hey, well this site isn't working either. I thought I had gotten rid of all my pop up programs. Can you tell me what I have reading off my log files?
Wish I knew more about computers so I wasn't so illiterate.
Kevin
ksp683
Regular Member
 
Posts: 21
Joined: December 8th, 2006, 2:19 pm

Unread postby Linkmaster » December 12th, 2006, 12:30 pm

The McAfee suite may have a setting set as well !

Control Panel, Internet options, Privacy tab, uncheck Popup Blocker on the bottom

Apply then OK
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 279 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware