
My problem / scan logs



tobulko
2006-11-26, 00:49
Whenever I start Firefox, an IE window pops up saying that my banner ID won some prize. Annoying. So I ran Adware: nothing. I ran SpyBot and my PC rebooted halfway through the scanning process. So I come here and follow the process. I run the online Panda scan and get this:
Spyware:Cookie/Doubleclick Not disinfected
Spyware:Cookie/Atwola Not disinfected
Spyware:Cookie/Advertising Not disinfected
Spyware:Cookie/Mediaplex Not disinfected
Spyware:Cookie/Atlas DMT Not disinfected
Spyware:Cookie/2o7 Not disinfected
Spyware:Cookie/PointRoll Not disinfected
Spyware:Cookie/Maxserving Not disinfected
Spyware:Cookie/Toplist Not disinfected
Spyware:Cookie/Falkag Not disinfected
Spyware:Cookie/Xiti Not disinfected
Spyware:Cookie/Statcounter Not disinfected
Spyware:Cookie/FastClick Not disinfected
Spyware:Cookie/Casalemedia Not disinfected
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.overture.com/]
Spyware:Cookie/Adverserve Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.adverserve.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.ehg-idg.hitbox.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.kmpads.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[server.iad.liveperson.net/hc/63497638]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\tobu.DOM\Application Data\Mozilla\Firefox\Profiles\1esfrdv4.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tobu.DOM\Cookies\tobu@2o7[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected
Spyware:Cookie/Atwola Not disinfected
Spyware:Cookie/Toplist Not disinfected
Virus:W32/Rahack.B Disinfected C:\WINDOWS\pss\system.vbsCommon Startup

tobulko
2006-11-26, 00:50
continued

Then I run in safe mode and do a Spybot scan, but it finds absolutely nothing. I run HijackThis:

Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\MICROS~2\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\tobu.DOM\Desktop\hijackthis\HijackThis.exe

tobulko
2006-11-26, 00:51
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [BlueMealDoesDraw] C:\Documents and Settings\All Users.WINDOWS\Application Data\WIPE EGGS BLUE MEAL\tickfast.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\PROGRA~1\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [KindMode] C:\DOCUME~1\tobu.DOM\APPLIC~1\PROXYB~1\file safe software.exe
O4 - Startup: Last.fm.lnk = C:\Program Files\Last.fm\LastFM.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4176F0AA-689B-4E31-8C9F-0D8368F3E3AC}: NameServer = 192.168.2.1,192.168.2.2
O18 - Protocol: bw+0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MSCoolServ - Unknown owner - C:\WINDOWS\System32\mscolsrv.exe" -service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

pskelley
2006-11-29, 12:54
Welcome to the forum. If you still need help and are not receiving it elsewhere, read about a trojan you have running from your services:
C:\WINDOWS\System32\mscolsrv.exe
Make sure you view the information under all tabs so you will know what this trojan has done to your security and possibly how you got it.
http://www.sophos.com/virusinfo/analyses/trojrahacka.html

I would like to get rid of the O18 lines in the log; see this information.
For your information, all of the O18 items in the log are the result of the Logitech Desktop Messenger, which gets installed along with another Logitech program because the EULA agreement is not read. Unless you know what it is and use it, it is a resource waster and can be removed in Add/Remove Programs, but make sure you uninstall only what I highlight in red. This is optional:
C:\Program Files\Logitech\Desktop Messenger\ <<< uninstall only the program in red.


Disable the offending Service
Click Start > Run and type services.msc
Scroll down to MSCoolServ and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

Delete the offending Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type (MSCoolServ) and press OK.
OK any prompts, close HijackThis, and restart your computer.

Post a new HJT log, we will have more to do.

Thanks
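The checks the helper makes by eye above (a service whose binary is missing, dozens of O18 protocol handlers coming from one DLL, Run-key entries launching from profile directories) can be scripted against the HijackThis log format. This is an added example, not HijackThis code or anything posted in the thread; it runs over a constructed subset of the log lines posted above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the O4, O18 and O23 lines from the
# HijackThis v1.99.1 log posted in this thread, in the exact line shape
# HijackThis emits. It is not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BlueMealDoesDraw] C:\Documents and Settings\All Users.WINDOWS\Application Data\WIPE EGGS BLUE MEAL\tickfast.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KindMode] C:\DOCUME~1\tobu.DOM\APPLIC~1\PROXYB~1\file safe software.exe
O18 - Protocol: bw+0 - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8C9BEFED-41B0-437D-A7BB-93BA93B507FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MSCoolServ - Unknown owner - C:\WINDOWS\System32\mscolsrv.exe" -service (file missing)
"""

# One regex per HijackThis section this triage understands.
ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^Protocol: (?P<name>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")

# Autostart entries whose binary lives in a profile or data directory deserve a
# look: those locations are writable without admin rights and installers rarely
# put a Run-key target there. 8.3 short names (DOCUME~1, APPLIC~1) are included
# because HijackThis reports the path exactly as the registry holds it.
PROFILE_MARKERS = ("documents and settings", "docume~1", "application data",
                   "applic~1", "local settings", "locals~1", "\\temp\\")


def triage(log_text):
    """Return the review-worthy facts from a HijackThis log as plain data."""
    findings = {
        "autostart_from_profile": [],      # O4 Run entries launched from profile dirs
        "file_missing": [],                # (section, entry) whose target no longer exists
        "unknown_owner_services": [],      # O23 services with no publisher recorded
        "o18_handlers_by_dll": Counter(),  # protocol handlers registered per DLL
    }
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if "(file missing)" in body:
            # HijackThis marks orphaned entries; an orphaned service is still a
            # persistence point worth removing, as the MSCoolServ steps above show.
            findings["file_missing"].append((sec, body.split(" - ")[0]))
        if sec == "O4":
            m4 = O4_RE.match(body)
            if m4 and any(tok in m4.group("cmd").lower() for tok in PROFILE_MARKERS):
                findings["autostart_from_profile"].append(m4.group("name"))
        elif sec == "O18":
            m18 = O18_RE.match(body)
            if m18:
                dll = m18.group("path").replace("(file missing)", "").strip().strip('"')
                findings["o18_handlers_by_dll"][dll.rsplit("\\", 1)[-1]] += 1
        elif sec == "O23":
            m23 = O23_RE.match(body)
            if m23 and m23.group("owner") == "Unknown owner":
                findings["unknown_owner_services"].append(m23.group("name"))
    return findings


def report(findings):
    """Render the findings the way a helper would list them in a reply."""
    lines = []
    for name in findings["autostart_from_profile"]:
        lines.append(f"O4 [{name}] autostarts from a profile/data directory: review")
    for sec, entry in findings["file_missing"]:
        lines.append(f"{sec} {entry}: target file missing, orphaned entry")
    for name in findings["unknown_owner_services"]:
        lines.append(f"O23 service '{name}': no publisher recorded, verify the binary")
    for dll, count in findings["o18_handlers_by_dll"].most_common():
        lines.append(f"O18: {count} protocol handler(s) registered by {dll}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the full log posted above, the O18 count for BWPlugProtocol-8876480.dll would be in the fifties, which is exactly the signal pskelley reads as "Logitech Desktop Messenger" rather than malware.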

tashi
2006-12-06, 21:04
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened, please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.