
I believe I have what a lot of other people on this thread have, according to reading posts and my spyware remover. My HJT log is attached. Thank you in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:39 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\windows\sp2update00.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\daniel.johnson.NAE\My Documents\Hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HVXtfeahc] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\NEWADP~1.EXE
O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\system32\NEWADP~1.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [HVXtfeah$vùõˆ/–²%åžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HVz$vùõˆ/–²%åžßHhNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [mkif] C:\PROGRA~1\COMMON~1\mkif\mkifm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O17 - HKLM\Software\..\Telephony: DomainName = nae.ds.army.mil
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF9D15F-DF7D-4D7D-82DE-664CA01C7240}: Domain = nae.ds.army.mil
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O18 - Protocol: bw+0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A39A42A-ED8B-4403-A28C-8EA4F98A6E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jtp6077se.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - C:\Program Files\Seagull\BarTender\7.51\CmdrSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Last Post by D3m3nt3d

You may need to print these instructions as you won't have access to the internet in safe mode.

Hi, you're pretty infected. For this fix please boot into safe mode, and configure Windows to show hidden folders.

First, though, download the following; don't do anything yet.

Please download Look2Me-Destroyer.exe to your desktop.

Then proceed to booting into safe mode. To do this:

1 Click the Start Button

2 In the Start menu click Control Panel

3 In the Control panel Window click the Folder Options Icon

4 The folder Options Window will now Open

5 Click the View Tab

6 In the view tab window look down the list for a section marked Hidden Files and Folders

7 Enable the option Show Hidden Files and Folders by left clicking the radio button on the left of the option with your mouse. Then uncheck Hide protected operating system files. Click Yes to the dialog.

8 Press the Apply button

9 On the next screen press OK to exit

10 You should now be able to view the hidden files and folders.

------------------------

1. If the computer is running, shut down Windows, and then turn off the power
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
5. Press Enter. The computer then begins to start in Safe mode.

Then when in safe mode please run HJT again, and check the following.


O4 - HKLM\..\Run: [HVXtfeahc] C:\WINDOWS\hqkhh.exe

O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\NEWADP~1.EXE

O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\system32\NEWADP~1.exe

O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe

O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe

O4 - HKLM\..\Run: [HVXtfeah$vùõˆ/–²%åžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hqkhh.exe

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [mkif] C:\PROGRA~1\COMMON~1\mkif\mkifm.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nae.ds.army.mil

O17 - HKLM\Software\..\Telephony: DomainName = nae.ds.army.mil

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF9D15F-DF7D-4D7D-82DE-664CA01C7240}: Domain = nae.ds.army.mil

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nae.ds.army.mil

O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jtp6077se.dll

Click Fix Checked

Then please do this.

--Now run the Look2Me-Destroyer.exe you downloaded before going into safe mode.
--Close all windows before continuing.
--Double-click Look2Me-Destroyer.exe to run it.
--Put a check next to Run this program as a task.
--You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
--When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
--Once it's done scanning, click the Remove L2M button.
--You will receive a Done Scanning message, click OK.
--When completed, you will receive this message: Done removing infected files! --Look2Me-Destroyer will now shutdown your computer, click OK.
--Your computer will then shutdown.
--Turn your computer back on.


-------------------------------------------------------
While you're still in safe mode, please delete these files.

C:\WINDOWS\hqkhh.exe

C:\WINDOWS\system32\NEWADP~1.EXE

C:\WINDOWS\system32\NEWADP~1.exe

C:\WINDOWS\msresearch.exe

C:\windows\sp2update00.exe

C:\WINDOWS\hqkhh.exe

C:\PROGRA~1\COMMON~1\mkif\mkifm.exe

C:\WINDOWS\system32\jtp6077se.dll

Empty Recycle bin
-------------------------------------------------------
Reboot normally.

Then please download ewido - www.ewido.net - Install. Update. Scan. Remove anything it finds.

Post a new HJT log, and the ewido log, and the C:\Look2Me-Destroyer.txt log
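The reply above ends by asking for a new HJT log. As an added example (not part of the original posts or of any tool named in them), this sketch checks whether autostart entries ticked for "Fix Checked" still show up in a follow-up log; `FOLLOW_UP` is constructed sample data and the function names are hypothetical.

```python
import re

# Autostart entries ticked for "Fix Checked" in the reply (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [HVXtfeahc] C:\WINDOWS\hqkhh.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\NEWADP~1.EXE
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKCU\..\Run: [mkif] C:\PROGRA~1\COMMON~1\mkif\mkifm.exe
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jtp6077se.dll
"""

# CONSTRUCTED follow-up log for illustration; not a real scan result.
FOLLOW_UP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sp2update00.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\system32\msresearch.exe
O4 - HKLM\..\Run: [SP2Update] C:\WINDOWS\sp2update00.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jtp6077se.dll
"""

O4 = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+)\] (.+)$")   # registry Run entries
O20 = re.compile(r"^O20 - (Winlogon Notify): (.+?) - (.+)$")    # Winlogon Notify DLLs
PROC = re.compile(r"^[A-Za-z]:\\")                               # running-process lines


def norm(text):
    """Registry value names and Windows paths compare case-insensitively."""
    return text.strip().strip('"').lower()


def parse(log):
    """Return ({(code, location, name): target}, {running process paths})."""
    entries, procs = {}, set()
    for line in log.splitlines():
        line = line.strip()
        m = O4.match(line) or O20.match(line)
        if m:
            loc, name, target = m.groups()
            code = line.split(" - ")[0]          # "O4" or "O20"
            entries[(code, norm(loc), norm(name))] = norm(target)
        elif PROC.match(line):
            procs.add(norm(line))
    return entries, procs


def still_present(fix_list, follow_up):
    """List (value name, reasons) for fixed entries that survive in follow_up."""
    wanted, _ = parse(fix_list)
    found, procs = parse(follow_up)
    report = []
    for key, target in wanted.items():
        reasons = []
        if key in found:
            # Same value name with a different file means it was re-registered.
            reasons.append("entry present" if found[key] == target
                           else "entry retargeted")
        if target in procs:
            reasons.append("process running")
        if reasons:
            report.append((key[2], reasons))
    return report


if __name__ == "__main__":
    for name, reasons in still_present(FIX_LIST, FOLLOW_UP):
        print(f"{name}: {', '.join(reasons)}")
```
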
