spyware help



alexstron
12-22-2004, 02:31 PM
Hi guys,
I haven't been in here for a while. This is probably the wrong place, but I recognise some of your names.
Despite running weekly spyware checks with spybot, adaware, spywareblaster, avg, a pop-up blocker and sygate sailing full steam ahead, fuc***g pop-ups are slowly beginning to creep through at an alarming rate, and now for the first time ever I'm getting spam.
Any idea what else I could get to stop the pop-ups, and any recommendations on a spam filter?
Happy Xmas

Alex

Rick Phlegm
12-22-2004, 03:07 PM
Run HijackThis and post a log.

Might also be worth getting the topic title changed and moved to SoftwareWorld as the guys there will be able to help you out a lot.

backlash
12-22-2004, 05:02 PM
what does the question have to do with suprnova?

alexstron
12-22-2004, 05:11 PM
Absolutely nothing but so what it's xmas

DanB
12-22-2004, 05:12 PM
fair enough :lol:

RealitY
12-22-2004, 05:13 PM
You could try FF and see if you get them there as well...

alexstron
12-22-2004, 05:27 PM
Logfile of HijackThis v1.99.0
Scan saved at 17:23:17, on 22/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\alex\LOCALS~1\Temp\Rar$EX01.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://adblock.linkz.com/abho/bandsearch.abs
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://linkz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://adblock.linkz.com/abho/bandsearch.abs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - http://adblock.linkz.com/APHelper.dll
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4406/mcfscan.cab
O18 - Protocol: bw+0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BF1168C7-C3FE-4CB9-BF2E-8EC1E75AFBF9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

OK, here's my log... any ideas?
back in an hour off to the pub
happy xmas

orcutt989
12-22-2004, 05:31 PM
We need Rossco.

tesco
12-22-2004, 09:55 PM
test

edit: WTF is this, I try posting the solution and I can't post, but I can post crap like "test." :huh:

edit 2: OK, who broke the forum?

edit 3: here, I just uploaded what I was trying to post in a text file. (stupid forum)

Peerzy
12-22-2004, 10:18 PM
Rossco I cannot post your solution file either.

tesco
12-22-2004, 10:24 PM
Rossco I cannot post your solution file either.
Very weird.

Reality said he can't edit his guide, which could mean that there are problems with large posts. :unsure:

Joakim Agren
12-22-2004, 10:40 PM
Hello!

These ones are nasty and should be removed/fixed:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://adblock.linkz.com/abho/bandsearch.abs

O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\Downloaded Program Files\APHelper.dll

These ones might be nasty but can also be good; it is up to you to delete them if you think that they are nasty. I would delete them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://linkz.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://adblock.linkz.com/abho/bandsearch.abs

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\Downloaded Program Files\APHelper.dll

O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll

O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie

O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsaf...unttracking.cab

O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - http://adblock.linkz.com/APHelper.dll


Remove this one too:


O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

That's all that I could find in your log, hope it helps!!

alexstron
12-23-2004, 12:46 AM
thanks for your help, here's the next hijack log
Logfile of HijackThis v1.99.0
Scan saved at 00:43:33, on 23/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\alex\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - http://adblock.linkz.com/APHelper.dll
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4406/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cheers dude, and if I don't hear from you, happy xmas
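
Comparing two HijackThis scans taken before and after a fix pass shows which flagged entries were actually removed and which are still registered. The script below is an added example, not part of any post in this thread; the function names are hypothetical, and the embedded scans are short excerpts copied from the two logs posted above.

```python
import re

# Short excerpts copied from the two scans posted in this thread (not the full logs).
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.0
Scan saved at 17:23:17, on 22/12/2004
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://adblock.linkz.com/abho/bandsearch.abs
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
"""

SCAN_AFTER = r"""Logfile of HijackThis v1.99.0
Scan saved at 00:43:33, on 23/12/2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1..O99) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# HijackThis marks a registration whose backing file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def entry_key(section, detail):
    """Identity of an entry. For R-sections the registry value name is the
    identity, so a changed URL shows up as 'changed' rather than removed+added."""
    if section.startswith("R"):
        return (section, re.split(r"\s=(?:\s|$)", detail, maxsplit=1)[0])
    return (section, detail)


def parse_entries(log_text):
    """Map entry identity -> full detail text; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, detail = m.group(1), m.group(2).strip()
            entries[entry_key(section, detail)] = detail
    return entries


def compare_scans(before_text, after_text):
    """Classify every entry as removed, persisted, changed or added."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {"removed": [], "persisted": [], "changed": [], "added": []}
    for key, detail in before.items():
        if key not in after:
            result["removed"].append(key)
        elif after[key] == detail:
            result["persisted"].append(key)
        else:
            result["changed"].append(key)
    result["added"] = [key for key in after if key not in before]
    return result


def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [key for key, detail in entries.items() if ORPHAN_RE.search(detail)]


def entries_referencing(entries, module_name):
    """Entries whose detail mentions a given module (case-insensitive)."""
    needle = module_name.lower()
    return [key for key, detail in entries.items() if needle in detail.lower()]


if __name__ == "__main__":
    report = compare_scans(SCAN_BEFORE, SCAN_AFTER)
    for status in ("removed", "changed", "added", "persisted"):
        print(f"{status.upper()} ({len(report[status])})")
        for section, ident in report[status]:
            print(f"  {section} - {ident}")
    after = parse_entries(SCAN_AFTER)
    print("Orphaned after cleanup:", orphaned(after))
    print("Still referencing APHelper.dll:", entries_referencing(after, "APHelper.dll"))
```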

tesco
12-23-2004, 01:08 AM
Fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/

and I think that's it.

Run one last spysweeper scan to make sure that everything is gone.


Computer running OK now?


Also, get rid of spambuster and adblock and stuff like that.
Just install a good antispyware app like spysweeper, spybot s&d, adaware, or giant antispyware.
Install one good antivirus app.
And install one firewall like zone alarm or sygate.
An antitrojan scanner is also recommended.

Then stop using Internet Explorer (which lets popups come up and spyware install) and use Firefox (http://www.mozilla.com/firefox/) instead. It is a much more secure browser, and you will find that it is very customizable too. :)

fkdup74
12-23-2004, 01:57 AM
for spysweeper or giant, you have to either buy it or...ummm....you know :P
and for that kinda trouble, I'd highly recommend pest patrol
worth the search IMO :)

and btw, isn't spybot s&d kinda dead?
what are they doing now? yearly updates or somethin? :P

Smurfette
12-23-2004, 05:21 AM
Uninstall that Logitech shit Desktop Messenger in Control Panel.

Also, this:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
is only the ISP home page.

Smurfette
12-23-2004, 05:27 AM
and btw, isn't spybot s&d kinda dead?
what are they doing now? yearly updates or somethin? :P
There are updates to download every time I run v1.3. If you use v1.2 though, it says there aren't any.