Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Please help HJT log included

Reply

Join Date: Mar 2006
Posts: 6
Reputation: danbarjohnson is an unknown quantity at this point 
Solved Threads: 0
danbarjohnson danbarjohnson is offline Offline
Newbie Poster

Please help HJT log included

 
0
  #1
Mar 31st, 2006
I believe I have what a lot of other people on this thread have according to reading posts and my spyware remover. My HJT log is attatched thank you in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:39 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\windows\sp2update00.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\daniel.johnson.NAE\My Documents\Hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HVXtfeahc] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\NEWADP~1.EXE
O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\system32\NEWADP~1.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [HVXtfeah$vùõˆ/–²%åžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HVz$vùõˆ/–²%åžßHhNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [mkif] C:\PROGRA~1\COMMON~1\mkif\mkifm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O17 - HKLM\Software\..\Telephony: DomainName = nae.ds.army.mil
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF9D15F-DF7D-4D7D-82DE-664CA01C7240}: Domain = nae.ds.army.mil
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O18 - Protocol: bw+0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jtp6077se.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - C:\Program Files\Seagull\BarTender\7.51\CmdrSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 1,542
Reputation: tayspen is on a distinguished road 
Solved Threads: 98
Team Colleague
tayspen's Avatar
tayspen tayspen is offline Offline
<Insert title here>

Re: Please help HJT log included

 
0
  #2
Mar 31st, 2006
You may need to print these instructions as you wont have access to the internet insafe mode.

Hi, your pretty infected. For this fix please boot into safe mode, and configure windows to show hidden folders.

First though download the following, dont do anything yet.

Please download Look2Me-Destroyer.exe to your desktop.

Then proceed to booting into safe mode. To do this:

1 Click the Start Button

2 In the Start menu click Control Panel

3 In the Control panel Window click the Folder Options Icon

4 The folder Options Window will now Open

5 Click the View Tab

6 In the view tab window look down the list for a section marked Hidden Files and Folders

7 Enable the option Show Hidden Files and Folders by left clicking the radio button on the left of the option with your mouse. Then uncheck Hide protected operating system files. CLick yes to the dialog.

8 Press the Apply button

9 On the next screen press OK to exit

10 You should now be able to view the hidden files and folders.

------------------------

1. If the computer is running, shut down Windows, and then turn off the power
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
5. Press Enter. The computer then begins to start in Safe mode.
Then when in safe mode please run HJT again, and check the following.


O4 - HKLM\..\Run: [HVXtfeahc] C:\WINDOWS\hqkhh.exe

O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\NEWADP~1.EXE

O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\system32\NEWADP~1.exe

O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe

O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe

O4 - HKLM\..\Run: [HVXtfeah$vùõˆ/–²%åžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hqkhh.exe

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [mkif] C:\PROGRA~1\COMMON~1\mkif\mkifm.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nae.ds.army.mil

O17 - HKLM\Software\..\Telephony: DomainName = nae.ds.army.mil

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF9D15F-DF7D-4D7D-82DE-664CA01C7240}: Domain = nae.ds.army.mil

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nae.ds.army.mil

O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jtp6077se.dll


Click Fix Checked

Then please do this.

--Now run the Look2Me-Destroyer.exe. TYou donwloaded before going into safe mode.
--Close all windows before continuing.
--Double-click Look2Me-Destroyer.exe to run it.
--Put a check next to Run this program as a task.
--You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
--When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
--Once it's done scanning, click the Remove L2M button.
--You will receive a Done Scanning message, click OK.
--When completed, you will receive this message: Done removing infected files! --Look2Me-Destroyer will now shutdown your computer, click OK.
--Your computer will then shutdown.
--Turn your computer back on.


-------------------------------------------------------
Whie your still in safe mode, please delete these files.

C:\WINDOWS\hqkhh.exe

C:\WINDOWS\system32\NEWADP~1.EXE

C:\WINDOWS\system32\NEWADP~1.exe

C:\WINDOWS\msresearch.exe

C:\windows\sp2update00.exe

C:\WINDOWS\hqkhh.exe

C:\PROGRA~1\COMMON~1\mkif\mkifm.exe

C:\WINDOWS\system32\jtp6077se.dll

Empty Recycle bin
-------------------------------------------------------
Reboot normally.

Then please download ewido - www.ewido.net - Install. Update. Scan. Remove anything it finds.

Post a new HJT log, and the ewido log, and the C:\Look2Me-Destroyer.txt log
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes

Member - Alliance of Security Analysis Professionals - Since 2006
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 244
Reputation: D3m3nt3d is an unknown quantity at this point 
Solved Threads: 13
D3m3nt3d's Avatar
D3m3nt3d D3m3nt3d is offline Offline
Posting Whiz in Training

Re: Please help HJT log included

 
0
  #3
Mar 31st, 2006
EDIT - Tay beat me to it
Proud Member of ASAP (Alliance of Security Analysis Professionals)
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC