Desktop Hijack

Printable View

August 5th, 2006, 01:27 PM
Fatboym

Desktop Hijack

Hi everyone,
looks like my desktop has been hijacked. A few months ago a trojan got to my desktop..it was one of those "click here to clean your system now" advertisements. I cleaned some stuff up, but looks like not everything is gone, as my desktop image is not appearing and I get the flashing grey/white screen.
Any help would be appreciated. Attached in this thread and next is my hijackthis log.
Thanks in advance for any help.

Logfile of HijackThis v1.99.1
Scan saved at 2:27:24 PM, on 8/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PurgeIE\PurgPro_Service.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\3Com\Launcher.exe
C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
C:\Program Files\Common Files\3Com\LanSupportService.exe
C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
D:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [5LL0TQ.exe] C:\temp\5LL0TQ.exe
O4 - HKLM\..\Run: [038R3ER] ciatetab.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConn ection OfotoNow
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
August 5th, 2006, 01:29 PM
Fatboym

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {442683CE-0D94-4960-953F-163A1918ED8F} (Pivotal eRelationship Active Access (Version 5.0) - Portal Control Proxy (rdaui.dll)) - http://pivotalweb/epower/cab/RdaUI.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C064491-CD2A-4278-BA81-3F5BBEB477B1}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{35FD4E57-18FA-4C2F-8842-352C33944979}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{71057B18-DEB8-4BDA-9CA0-9D36E5A9CC65}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{74F3C3FD-381A-4BEA-AEB8-2A1BF773ED66}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D24BDC-0AD5-4DF2-9738-6D626DA0CE83}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{C084D886-166C-4292-AD50-173EB3072435}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F5B894-F8A3-4B66-8803-1609A59318A1}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D81577-5820-4E6A-8597-D33435B7AC36}: NameServer = 85.255.116.98,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3D48DEE-3255-40C9-A00B-D8B61E18A4C6}: NameServer = 85.255.116.98,85.255.112.123
O18 - Protocol: bw+0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
August 5th, 2006, 01:30 PM
Fatboym

O18 - Protocol: bwb0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: System - {647EFAE7-8D66-4AD2-BE24-82FB0E7477A1} - C:\WINDOWS\system32\system32.dll (file missing)
O23 - Service: 3Com Wireless LAN Support (AllWirelessLansService) - Unknown owner - C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: 3Com LAN Support (LanSupportService) - 3Com Corporation - C:\Program Files\Common Files\3Com\LanSupportService.exe
O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgPro_Service.exe
O23 - Service: 3Link Engine (SAEngine) - 3Com Corporation - C:\Program Files\3Com\3Link\SAEngine.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
August 5th, 2006, 03:02 PM
CCT

5LL0TQ.exe doesn't Google as anything - it is in your C:/Temp folder.

ciatetab.exe doesn't Google as anything.

PdaNetPC.exe shows in a couple places discussing bad stuff.

O21 - SSODL: System - {647EFAE7-8D66-4AD2-BE24-82FB0E7477A1} - C:\WINDOWS\system32\system32.dll (file missing) : This is not good.

[TkBellExe] is identified as a mass mailer by some sites.

That is not to say ANY of those are causing your problem - it does say that stuff that isn't on Google hardly at all is strange.

Me, I would copy off whatever I could and do a clean insstall, probably even doing a disk overwrite with the 0-1 stuff to clean EVERYTHING.
August 6th, 2006, 08:26 AM
peshek77

http://www.ultimatebootcd.com/download.html

Try this link and if you can burn the image on another PC then you might not need to do a full reinstall. It has several antivirus/anti-spyware software programs on there, so it might be of some use to you. I don't think it will help you for the system32.dll missing. I am pretty sure, however that after you run the scans and clean whatever you find, just copy a system32.dll from another machine that runs the same operating system. I have not tried that last part and unfortunately to say it will either fix it, do nothing, or make it worse. :(

PS: CCT I know you have seen a similar post before :).
August 6th, 2006, 10:48 PM
Fatboym

Thanks for your suggestions. This is going to be a lot more effort then I thought. I had thought it was going to be a quick delete this, safe mode restart, and delete that.
System32.dll missing is bad though, didn't even notice that.
Thanks again..I'll have to find some time to try your suggestions.
August 7th, 2006, 01:32 PM
Jeff the Brit

System32.dll is NOT a legit Windows file. Google for system32.dll
You've still got spyware. Check NooNoo's sticky thread.
August 8th, 2006, 06:53 AM
Matridom

Uhm, perhaps the spyware is gone already. I know a few removal tools don't return the standard desktop (spyaxe variants for example). The spyware changes the background to an active desktop and points it towards a specific file on the local drive (secur32.html comes to mind here). Try changing your desktop and reboot, if the malware is still there, then clean more, otherwise, you will probably be good.

Use ewido, X-cleaner, and if you can afford it, spysweeper to clean your system.
September 1st, 2006, 10:08 PM
caffinatedfox

do u have viruswear? if not i would get AVG Free. i like it works fast good ect...
http://free.grisoft.com/doc/avg-anti.../lng/us/tpl/v5 theres a link. it boots up VERY fast and updates it self like every other day for free!