Bleh... What is wrong?



LilAznAccommodator
11-27-2004, 09:57 PM
Sorry I can't find any forums that are allowing registration to post my HijackThis logs.. so I apologize, but I recently started getting this one error whenever I boot up my computer.. Here is a log:

Logfile of HijackThis v1.97.7
Scan saved at 2:16:19 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\ProfileAMP\Profile8.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\jdvaubp.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\suploads.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\picript.exe
C:\WINDOWS\system32\prrtect.exe
C:\WINDOWS\system32\prrtect.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WebRebates\WebRebates.exe
C:\Documents and Settings\Chris La\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {7F5ED39D-917C-4E95-AB0C-04E83FCF7216} - C:\WINDOWS\system32\fnoqe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF41F588-BA9F-5C73-69B8-3978647EA1D3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {DF4F4D1A-7F36-CC2E-56D2-F005EE09CEBE} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ProfileAMP] C:\Program Files\ProfileAMP\Profile8.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\program files\aim\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [rpkzegbjxva] C:\WINDOWS\system32\jdvaubp.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\suploads.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [MemoryOptimizer] memtuneup.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [H07pROf2W] picript.exe
O4 - HKCU\..\Run: [prrtect] C:\WINDOWS\system32\prrtect.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100482408046
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwh0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: offline-8876480 - {61C760AD-7D28-4C7D-B833-6BE47738BF39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Suggestions?

Skiz
11-27-2004, 10:05 PM
u should go to this website http://www.tomcoyote.org/hjt/
the forum there has people dedicated to analysing hijackthis logs


gildan2020
try this

LilAznAccommodator
11-27-2004, 10:43 PM
try this

Yeah I tried that + the other sites given on the Homepage and they won't allow me to register =/

Skiz
11-27-2004, 11:21 PM
Yeah I tried that + the other sites given on the Homepage and they won't allow me to register =/
I'm sending you a pm

SuperScript
11-28-2004, 05:39 AM
Yeah I tried that + the other sites given on the Homepage and they won't allow me to register =/

Try here: http://boards.cexx.org/viewforum.php?f=1

gildan2020
11-28-2004, 05:43 AM
Yeah I tried that + the other sites given on the Homepage and they won't allow me to register =/
have u tried registering this...http://forums.tomcoyote.org/?
why won't they allow u to register anyway?


gildan2020

Skiz
11-28-2004, 05:48 AM
have u tried registering this...http://forums.tomcoyote.org/?
why won't they allow u to register anyway?


gildan2020

Jeez, If you ppl will just read the dang thread, this stuff has already been said. This thread isn't even a full page yet. :angry: Sorry Gildan, but this is becoming a trend tonight.



u should go to this website http://www.tomcoyote.org/hjt/
the forum there has people dedicated to analysing hijackthis logs


gildan2020

try this

Jg427
11-28-2004, 03:57 PM
You may register at SpywareInfo (http://forums.spywareinfo.com/?act=Reg&CODE=00) for help. I can help you here or there.

You have lots of malware that should be removed.
Some suggestions for now.

You have a coolwebsearch infection
Download CWShredder from InterMute CWShredder 2.0. (http://www.intermute.com/spysubtract/cwshredder_download.html)
Close all open browsers and windows.
Open CWShredder and click on fix to run
It will remove all bad files found, click next then exit.

Download the latest version of Ad-Aware SE from here (http://www.lavasoft.de/support/download/).
Close all open browsers and windows.
Open Ad-Aware and from the main screen Click on "Check for Updates Now".
Click on the "Scan Now" button on the left.
Under "Select Scan Mode", select "Perform full system scan".
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds and then reboot
After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it found. Allow it to finish.

Download Spybot (http://www.safer-networking.org/en/download/index.html). It may find some additional files to fix.
Before running it, click on "update" then "search for updates" and download any found.
Click on "search & destroy" then click "check for problems"
Click "fix selected problems" to fix boxes checked in red only.

Run an Online Scan from one of the following sites:

Panda's Active Scan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com

RAV Antivirus Online Scan
http://www.ravantivirus.com/scan/

Your copy of hijackthis is out dated. Download the latest version here. (http://www.spywareinfo.com/~merijn/files/HijackThis.exe) You can place the new version on your desktop, but make a new folder for it and move hijackthis.exe into it. It makes backup copies that will be placed there. If you would like to work on this here, complete the scans and post a new hijackthis log.