PDA

View Full Version : What is KoolyNooly?? help needed.


Poleno
2008-10-05, 06:19
I dot 2 things that I can't get rid of. I'm familiar with only one of them, which is Trojan.Media-Codec/v4. But I also have malware called KoolyNooly. I have know idea what it is, but after one of anti-spyware programs removed it (several times already), it keeps coming back. Spybot can't even find it. I scanned my computer with many different anti-spyware programs - some of them recognized it but couldn't remove permanently.
This is my log. I would appreciate your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:30 PM, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.russiantvonline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\PROGRA~1\Mail.Ru\Sputnik\MAILRU~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe %SystemRoot%\system32\drivers\_svchost.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\PROGRA~1\Mail.Ru\Sputnik\MAILRU~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\PROGRA~1\Mail.Ru\Sputnik\MAILRU~1.DLL
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MAgent] "C:\Program Files\Mail.Ru\Agent\magent.exe" -LM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Поиск@Mail.Ru - res://C:\PROGRA~1\Mail.Ru\Sputnik\MAILRU~1.DLL/SEARCH.HTM
O8 - Extra context menu item: Словари@Mail.Ru - res://C:\PROGRA~1\Mail.Ru\Sputnik\MAILRU~1.DLL/TRANSLATE.HTM
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E4C365E-38E8-46FA-B4AF-0524FE23DA75}: NameServer = 194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E4C365E-38E8-46FA-B4AF-0524FE23DA75}: NameServer = 194.54.90.226
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E4C365E-38E8-46FA-B4AF-0524FE23DA75}: NameServer = 194.54.90.226
O18 - Protocol: bw+0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {E6E61C0C-A99E-4530-A86E-66BE346C91E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 25124 bytes
Blade81
2008-10-06, 11:19
Hi


Disable Spybot's TeaTimer
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer


Disable SpySweeper's realtime protection.

Open Spysweeper and click on Options
Choose Program Options and uncheck
load at windows
startup
.
On the left click
shields
and then uncheck everything.
Uncheck
home page shield
.
Uncheck
automatically restore default without notification
.
Exit the program.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Poleno
2008-10-06, 16:02
I can't download Windows Recovery Console from Microsoft, 'cause I got my Windows XP from unauthorized copy.. so it won't recognize me.
Blade81
2008-10-06, 16:46
Hi


We don't support use of illegal software here (see post #4 (http://forums.spybot.info/showpost.php?p=25290&postcount=4) of Before you Post -sticky). Since your copy doesn't seem to be a legal one I can't unfortunately help you. The topic is now closed.