
[Resolved] Lots of infections - advanced user


This topic is locked
6 replies to this topic

#1 JAOOTPYKHA

JAOOTPYKHA

    New Member

  • New Member
  • 3 posts

Posted 04 June 2008 - 11:37 PM

Hello. I am running a Windows 2000 Professional installation on my desktop and have what seems to be several infections. I play the online game Final Fantasy XI and received an error on login just a few days ago. This error is related to smart.dll located in the system32 folder, which is supposed to be a keylogger looking for login information for my game account. In downloading HijackThis as per a suggestion at a game forum, I found my desktop to be infected with much more than smart.dll. I had previously recovered from Vundo several months back, and it was one of the things that showed up in HijackThis. So, below are my HijackThis and Anti-Malware logs. To be noted, however, is the fact that I used HijackThis by myself before finding this forum, as I know my computer very well, know what shouldn't be on it, and am a computer science major. I wouldn't mind learning how to properly use HijackThis, but that's for later. Given these circumstances, I hope that I haven't screwed up anything, and please tell me what any fixes you suggest do to my system. I should be able to understand technical stuff. Thank you for your help.

Anti-Malware log:

Malwarebytes' Anti-Malware 1.14
Database version: 826

7:27:44 PM 6/4/2008
mbam-log-6-4-2008 (19-27-40).txt

Scan type: Full Scan (F:\|)
Objects scanned: 140713
Time elapsed: 28 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} (Trojan.BHO) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: f:\winnt\system32\ntos.exe -> No action taken.

Folders Infected:
F:\Documents and Settings\Administrator\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> No action taken.

Files Infected:
F:\Documents and Settings\Administrator\Desktop\system32\__c0097924.dat (Trojan.Vundo) -> No action taken.
F:\Documents and Settings\Administrator\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> No action taken.
F:\eMule\Driver Magician v3.28 Incl Keymaker-Core\CORE10k.EXE (Trojan.Agent) -> No action taken.
F:\RECYCLER\S-1-5-18\Df20.tmp (Trojan.Casino) -> No action taken.
F:\RECYCLER\S-1-5-18\Df53.exe (Trojan.Downloader) -> No action taken.
F:\RECYCLER\S-1-5-18\Df135\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
F:\WINNT\quit.exe (Trojan.Downloader) -> No action taken.
F:\WINNT\system32\bak\dyz.dll (Adware.ClickSpring) -> No action taken.
F:\Documents and Settings\Administrator\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> No action taken.
F:\Documents and Settings\Administrator\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.exe (Rogue.Multiple) -> No action taken.
F:\Documents and Settings\Administrator\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> No action taken.
F:\WINNT\cookies.ini (Malware.Trace) -> No action taken.
F:\WINNT\system32\pac.txt (Malware.Trace) -> No action taken.
F:\Documents and Settings\Administrator\Application Data\Install.dat (Trojan.Agent) -> No action taken.
F:\WINNT\system32\ntos.exe (Backdoor.Bot) -> No action taken.


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:50 AM, on 6/5/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\Ati2evxx.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Citrix\GoToMyPC\g2svc.exe
F:\WINNT\system32\hidserv.exe
F:\Program Files\Citrix\GoToMyPC\g2comm.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
f:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\Program Files\Citrix\GoToMyPC\g2pre.exe
F:\Program Files\Citrix\GoToMyPC\g2tray.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\Ati2evxx.exe
F:\WINNT\Explorer.EXE
F:\WINNT\system32\conime.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
F:\Program Files\Logitech\QuickCam10\QuickCam10.exe
F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
F:\WINNT\system32\atwtusb.exe
F:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Logitech\QuickCam10\COCIManager.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE
F:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

F2 - REG:system.ini: UserInit=F:\WINNT\system32\userinit.exe,F:\WINNT\system32\ntos.exe,
O1 - Hosts: entry DnsMap
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AE63E568-55DB-5025-F93C-7EA297E84DC4} - F:\WINNT\system32\dyz.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GoToMyPC] "F:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "F:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [GammaLaunch] I:\Program Files\Pulsar Software\GammaLaunch\gamma.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" -turbo
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM ® - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185606947171
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA54856-9C6C-47BF-9070-0643A5ADF337}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: bw+0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINNT\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - F:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 18080 bytes


Thanks again.


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 June 2008 - 05:16 AM

Hello JAOOTPYKHA

Welcome to the What the Tech Malware Removal Forum. Sorry for the delay in responding, but with the amount of people posting with infected computers there are not enough hours in the day.

You're infected with the SDBot worm, let's do this.


It's important that this tool be run in Safe Mode to be effective, so download it to your desktop and then boot to Safe Mode to run it.

To Enter Safe Mode

  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly;
    this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safe Mode.
  • Then press the Enter key on your keyboard.
Tutorial if you need it: How to boot into Safe Mode

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Now rerun Malwarebytes and make sure you check off to fix everything.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-----Don't forget this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.


Post the SDFix log, the New Malwarebytes log and a New HJT log please

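The helper's emphasis on "make sure you check off to fix everything" is the point: every item in the first Malwarebytes log above ends in "No action taken", meaning the scan only listed the detections and removed nothing. The following is an added example (not the poster's code and not part of Malwarebytes) that parses a log in that format, reports which detections were left unresolved, and cross-checks the summary counts against the listed items. The sample log is an abridged version of the one posted above, with one item changed to a "Quarantined and deleted successfully." outcome purely to show the contrast; the "No action taken" test and the report layout are this example's assumptions about the log format.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Abridged from the first Malwarebytes' Anti-Malware 1.14 log posted above.
# The "Quarantined and deleted successfully." line is a constructed outcome.
MBAM_SAMPLE = """\
Malwarebytes' Anti-Malware 1.14
Database version: 826

Scan type: Full Scan (F:\\|)
Objects scanned: 140713

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\\Software\\Microsoft\\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\FCOVM (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit (Backdoor.Bot) -> Data: f:\\winnt\\system32\\ntos.exe -> No action taken.

Files Infected:
F:\\WINNT\\system32\\ntos.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
F:\\WINNT\\quit.exe (Trojan.Downloader) -> No action taken.
"""


class Detection(NamedTuple):
    section: str        # e.g. "Files Infected"
    location: str       # file path or registry key
    family: str         # classification in parentheses, e.g. "Trojan.Vundo"
    data: Optional[str]  # value data for registry data items, else None
    action: str         # what MBAM did, e.g. "No action taken"


# Summary line: "Files Infected: 15"
_HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# Detail line: "<location> (<family>) [-> Data: <data>] -> <action>."
_ITEM_RE = re.compile(
    r"^(?P<location>.+?) \((?P<family>[^()]+)\)(?: -> Data: (?P<data>.+?))? -> (?P<action>.+?)\.?$")


def parse_mbam(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return the summary counts and the individual detections of an MBAM log."""
    counts: Dict[str, int] = {}
    items: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER_RE.match(line)
        if m:
            counts[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):      # start of a detail section
            section = line[:-1]
            continue
        if line == "(No malicious items detected)":
            continue
        m = _ITEM_RE.match(line)
        if m and section:
            items.append(Detection(section, m.group("location"), m.group("family"),
                                   m.group("data"), m.group("action")))
    return counts, items


def unresolved(items: List[Detection]) -> List[Detection]:
    """Detections the scan listed but did not quarantine or delete."""
    return [d for d in items if d.action.lower().startswith("no action taken")]


def audit(text: str) -> dict:
    counts, items = parse_mbam(text)
    listed = Counter(d.section for d in items)
    # Summary counts that disagree with the items actually listed point at a
    # truncated or edited log.
    mismatch = {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}
    left = unresolved(items)
    return {"total": len(items), "unresolved": left,
            "families": Counter(d.family for d in left), "count_mismatch": mismatch}


if __name__ == "__main__":
    report = audit(MBAM_SAMPLE)
    print(f"{len(report['unresolved'])} of {report['total']} detections left in place")
    for d in report["unresolved"]:
        print(f"  [{d.family}] {d.location}" + (f" -> {d.data}" if d.data else ""))
```

On the abridged log this reports four of five detections left in place, including the Winlogon Userinit value still pointing at ntos.exe, which is exactly the condition a second scan with "Remove Selected" is meant to clear.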


#3 JAOOTPYKHA

JAOOTPYKHA

    New Member

  • New Member
  • 3 posts

Posted 10 June 2008 - 05:22 PM

Thanks for the help so far! One more thing I'd like to note is the fact that before I posted to the What the Tech forum, I attempted to boot into Safe Mode and was completely unable to do so. What I ended up doing was importing the registry entries required for Safe Mode to run (which had been removed from my registry somehow). This allowed me to boot into Safe Mode, thankfully. Thought it might be of some relevance. Below are my new HJT, Anti-Malware, and SDFix logs.


SDFix:


SDFix: Version 1.190
Run by Administrator on Tue 06/10/2008 at 6:57p

Microsoft Windows 2000 [Version 5.00.2195]
Running From: F:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

F:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk - Deleted
F:\RECYCLER\S-1-5-18\Df10.dllb - Deleted
F:\RECYCLER\S-1-5-18\Df11.dllb - Deleted
F:\RECYCLER\S-1-5-18\Df12.dllb - Deleted
F:\RECYCLER\S-1-5-18\Df8.dllb - Deleted
F:\RECYCLER\S-1-5-18\Df9.dllb - Deleted
F:\WINNT\system32\.exe - Deleted
F:\WINNT\system32\.exe - Deleted
F:\Documents and Settings\Administrator\My Documents\desktop 6-9-08\system32\wsnpoem\video.dll - Deleted
F:\Documents and Settings\Administrator\My Documents\desktop 6-9-08\system32\wsnpoem\audio.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 19:03:17
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="F:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:38,43,4a,e2,bd,0e,7c,ba,3e,92,1a,d9,bc,07,43,db,5a,7d,9e,ba,32,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,32,f6,22,ec,d1,92,86,2b,cb,c0,fb,79,25,8a,7a,39,..
"khjeh"=hex:a8,9a,ac,77,56,a8,af,f7,25,ad,8f,df,d9,6b,2b,28,52,ef,41,e4,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,9c,ad,2e,5d,24,c4,62,4f,d6,2a,a2,d9,18,b0,79,51,35,07,24,ab,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:abb1ccda
"s1"=dword:a0011a49
"s2"=dword:4a56271f
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="F:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:38,43,4a,e2,bd,0e,7c,ba,3e,92,1a,d9,bc,07,43,db,5a,7d,9e,ba,32,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,32,f6,22,ec,d1,92,86,2b,cb,c0,fb,79,25,8a,7a,39,..
"khjeh"=hex:a8,9a,ac,77,56,a8,af,f7,25,ad,8f,df,d9,6b,2b,28,52,ef,41,e4,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,b9,93,47,88,9f,e5,df,55,d8,30,d0,16,9a,a6,70,48,35,08,31,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="F:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:38,43,4a,e2,bd,0e,7c,ba,3e,92,1a,d9,bc,07,43,db,5a,7d,9e,ba,32,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,32,f6,22,ec,d1,92,86,2b,cb,c0,fb,79,25,8a,7a,39,..
"khjeh"=hex:a8,9a,ac,77,56,a8,af,f7,25,ad,8f,df,d9,6b,2b,28,52,ef,41,e4,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,b9,93,47,88,9f,e5,df,55,d8,30,d0,16,9a,a6,70,48,35,08,31,b2,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"\31jィ\16f\35g?"="-3 "
"\31jィ\xff740\xff770\xff830\xff6f0?"="-3 \x30b4\x30b7\x30c3\x30af"
"\xff740\xff770\xff830\xff6f0"="-3 \x30b4\x30b7\x30c3\x30af"
"z\xf8f3\x30fb|\xf8f3o\xf8f3x\xf8f3?"="-3 \x30b4\x30b7\x30c3\x30af"
"x\xf8f3p\xf8f3\x30fbt\xf8f3?"="Courier"
"\x80\xf8f3r\xf8f3\x30fb}\xf8f3\x30fb\x30fb\x30fb\x30fb?????"="Times New Roman"
"\x30fb\x30fb\x30fb\x30fb\x30fbv\xf8f3?????"="Arial"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Remaining Files :


File Backups: - F:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 14 Nov 2006 445,756 ..SH. --- "F:\WINNT\system32\vycdd.bak2"
Wed 14 Nov 2007 445,297 A.SH. --- "F:\Documents and Settings\Administrator\My Documents\desktop 6-9-08\system32\vycdd.tmp"

Finished!

Anti-Malware:

Malwarebytes' Anti-Malware 1.14
Database version: 826

7:12:47 PM 6/10/2008
mbam-log-6-10-2008 (19-12-47).txt

Scan type: Quick Scan
Objects scanned: 34237
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:04 PM, on 6/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\Ati2evxx.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Citrix\GoToMyPC\g2svc.exe
F:\WINNT\system32\hidserv.exe
F:\Program Files\Citrix\GoToMyPC\g2comm.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
f:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\Program Files\Citrix\GoToMyPC\g2pre.exe
F:\Program Files\Citrix\GoToMyPC\g2tray.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\Ati2evxx.exe
F:\WINNT\Explorer.EXE
F:\WINNT\system32\conime.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
F:\Program Files\Logitech\QuickCam10\QuickCam10.exe
F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
F:\WINNT\system32\atwtusb.exe
F:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
F:\Program Files\PeerGuardian2\pg2.exe
I:\Program Files\Pulsar Software\GammaLaunch\gamma.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Logitech\QuickCam10\COCIManager.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AE63E568-55DB-5025-F93C-7EA297E84DC4} - F:\WINNT\system32\dyz.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GoToMyPC] "F:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "F:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [GammaLaunch] I:\Program Files\Pulsar Software\GammaLaunch\gamma.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" -turbo
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM ® - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185606947171
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA54856-9C6C-47BF-9070-0643A5ADF337}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: bw+0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINNT\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - F:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 18059 bytes

#4 ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 June 2008 - 07:29 PM

Hello,

You're doing great :thumbup:

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {AE63E568-55DB-5025-F93C-7EA297E84DC4} - F:\WINNT\system32\dyz.dll (file missing)

You need to enable windows to show all files and folders, instructions Here

Delete the files in Red

F:\WINNT\system32\vycdd.bak2
F:\WINNT\system32\dyz.dll
F:\Documents and Settings\Administrator\My Documents\desktop 6-9-08\system32\vycdd.tmp




Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up


Post a new HJT log and let me know how your system is running now??

Just a reminder that threads will be closed if no reply in 3 days.
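The one entry ken545 has the poster fix is the O2 BHO marked "(file missing)": an orphaned registration whose DLL is already gone. As an added example (not code from this thread or from HijackThis), here is a small Python parser for HJT-format entry lines that pulls out section, CLSID and module path, flags orphaned "(file missing)" hooks, collapses the dozens of repeated O18 handler lines to one count per DLL, and diffs a before/after log to show what a fix removed. The regexes and the flagging rule are my assumptions about the format; the sample lines are excerpted from the logs in this thread.

```python
"""Minimal parser for HijackThis (HJT) entry lines with a before/after diff.

Added example, not code from this thread or from HijackThis. The line
shapes, regexes and flagging rules are assumptions drawn from the logs
posted above; the sample lines are excerpted from those logs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Entry lines look like "O2 - BHO: name - {CLSID} - path", "O4 - HKLM\..\Run: [key] cmd",
# "O18 - Protocol: name - {CLSID} - path", "O23 - Service: name - vendor - path".
SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in a loadable module; non-greedy so trailing
# arguments ("runtime -Delay") and markers ("(file missing)") are not swallowed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str          # "O2", "O4", "O18", ...
    body: str             # text after "Oxx - "
    clsid: Optional[str]
    path: Optional[str]
    file_missing: bool    # HJT appends "(file missing)" when the module is gone


def parse_line(line: str) -> Optional[Entry]:
    """Parse one entry line; headers, running-process lines and blanks give None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return Entry(section, body, clsid.group(0) if clsid else None,
                 path.group(0) if path else None, body.endswith(MISSING))


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def flag_entries(entries: List[Entry]) -> List[Entry]:
    """Triage heuristic (an assumption, not an HJT rule): hooks whose module is
    gone are orphaned registrations worth removing, and a nameless BHO loading
    from system32 deserves a look even if its file is still present."""
    flagged = []
    for e in entries:
        nameless_sys32 = (e.section == "O2" and "(no name)" in e.body
                          and e.path is not None and "\\system32\\" in e.path.lower())
        if e.file_missing or nameless_sys32:
            flagged.append(e)
    return flagged


def handlers_by_module(entries: List[Entry]) -> Dict[str, int]:
    """Collapse O18 protocol handlers to one count per DLL, so the dozens of
    Logitech bw* registrations read as one module instead of 60 lines."""
    counts: Dict[str, int] = {}
    for e in entries:
        if e.section == "O18" and e.path:
            counts[e.path] = counts.get(e.path, 0) + 1
    return counts


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entry bodies only in the first log (removed by the fix) and only in the second (new)."""
    old = {e.body for e in parse_log(before)}
    new = {e.body for e in parse_log(after)}
    return sorted(old - new), sorted(new - old)


# Excerpt of the pre-fix log from this thread (raw string: backslashes are literal).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {AE63E568-55DB-5025-F93C-7EA297E84DC4} - F:\WINNT\system32\dyz.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O18 - Protocol: bw+0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
"""
# Constructed post-fix excerpt: the same lines with the orphaned dyz.dll BHO fixed out.
AFTER = "\n".join(line for line in BEFORE.splitlines() if "dyz.dll" not in line)

if __name__ == "__main__":
    entries = parse_log(BEFORE)
    for e in flag_entries(entries):
        print("FLAG", e.section, e.path, "(file missing)" if e.file_missing else "")
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed, "added:", added)
```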


#5 JAOOTPYKHA

    New Member

  • 3 posts

Posted 11 June 2008 - 06:09 AM

Hello again. Thanks for all your help! My desktop seems to be back to normal. I'm not noticing the problem with Final Fantasy 11 that I was getting when all of this started. One thing I don't really care for would be the fact that three instances of CLI.exe have to be running all the time. I have read that each instance runs different parts of the ATI system but if that's not the case, would you be able to tell? Thanks again for the help! My newest HJT log is below.


HJT log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:29 AM, on 6/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\hidserv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
f:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
F:\WINNT\system32\atwtusb.exe
F:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
F:\Program Files\PeerGuardian2\pg2.exe
I:\Program Files\Pulsar Software\GammaLaunch\gamma.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\WINNT\system32\internat.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GoToMyPC] "F:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "F:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [GammaLaunch] I:\Program Files\Pulsar Software\GammaLaunch\gamma.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" -turbo
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM ® - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185606947171
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA54856-9C6C-47BF-9070-0643A5ADF337}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: bw+0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - F:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. -

F:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - F:\Program

Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common

files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe

--
End of file - 17249 bytes
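The log above is long mostly because one Logitech DLL is registered under dozens of URL scheme names (bwg0 through bwz0s, plus offline-8876480), all pointing at the same CLSID and file. Reviewing such a log by hand is easier once the O18 (extra protocol handler) and O23 (NT service) lines are parsed and grouped: every scheme that resolves to the same CLSID and DLL is one artifact to vet, not forty, and services HijackThis reports as "Unknown owner" (no company name readable from the binary) are the ones to check by hand. The script below is an added example, not part of the original post or of HijackThis; the function names parse_hjt, group_protocol_handlers and flag_services are mine, and the sample lines are a constructed subset copied from the log posted above, re-joined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O18/O23 lines from the posted log.
SAMPLE_LOG = r"""
O18 - Protocol: bwz0 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C6F7EFA7-5245-444B-8F6C-5518373F3EC1} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - F:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - F:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# O18: "O18 - Protocol: <scheme> - {CLSID} - <dll path>"
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
# O23: "O23 - Service: <display name> - <owner> - <drive:\path>"
# The path must start with a drive letter so that " - " inside the
# display name or owner string does not split the line in the wrong place.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def parse_hjt(text):
    """Parse O18 and O23 lines of a HijackThis log into a list of dicts.

    Lines of other types are ignored; the dict carries the line kind plus
    the named regex groups.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O18_RE.match(line)
        if m:
            entries.append({"kind": "O18", **m.groupdict()})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({"kind": "O23", **m.groupdict()})
    return entries


def group_protocol_handlers(entries):
    """Map (CLSID, lowercased DLL path) -> sorted list of schemes using it.

    Case is normalised because the same file appears with mixed case in
    HijackThis output; one key therefore means one DLL to inspect.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["kind"] == "O18":
            groups[(e["clsid"].upper(), e["path"].lower())].append(e["scheme"])
    return {key: sorted(schemes) for key, schemes in groups.items()}


def flag_services(entries):
    """Return display names of services whose binary has no readable owner.

    'Unknown owner' is how HijackThis labels a service whose executable
    carries no company name; these need a manual check (file properties,
    hash lookup, known-good path) before being trusted.
    """
    return [
        e["name"]
        for e in entries
        if e["kind"] == "O23" and e["owner"] == "Unknown owner"
    ]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for (clsid, path), schemes in group_protocol_handlers(parsed).items():
        print(f"{clsid} {path}\n  {len(schemes)} scheme(s): {', '.join(schemes)}")
    print("services to review:", flag_services(parsed))
```

Run against the full log, the grouping collapses the 41 Logitech lines into a single entry for BWPlugProtocol-8876480.dll, leaving two O18 handlers and two "Unknown owner" services to look at, which matches the helper's reply below to leave the ATI files alone once the rest checks out.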

#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2008 - 10:21 AM

Looking Good :thumbup:

Not sure you want to fool around with the ATI Graphics files; I would leave them be. You may want to contact them with your concerns, as we only do Malware Removal in this forum. You can try posting here and one of our techs may be able to help you with that.





Safe Surfn
Ken

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 June 2008 - 06:40 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

