1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

can't delete ladHide5.dll from Temp

Discussion in 'Malware and Virus Removal Archive' started by bwanaludo, 2006/04/24.

  1. 2006/04/24
    bwanaludo

    bwanaludo Inactive Thread Starter

    Joined:
    2006/04/24
    Messages:
    3
    Likes Received:
    0
    Hello,

    I'm having problems deleting file ladHide5.dll from my \\...Local Setttings\Temp
    folder. If I try to delet it it says "please remove the write protection ".
    I can delete it if I reboot in safe mode, but it reappears on normal reboot.
    My AV (PC-Cillin) was reporting some infenction with trojans couple days back,
    but things have gone quiet now. Spybot S&D scan comes clean, so does AdAware's. Following one of the older threads mentioned below I downloaded CWShredder, that found nothnig, as was the case with Symantec's Backdor.Agent.B Removal Tool.


    I've found the following two former threads:

    http://www.windowsbbs.com/showthread.php?t=42267
    http://www.windowsbbs.com/showthread.php?t=43588

    that adressed the similar (or same?) problem but I'm not sure if the solutions aren't case specific and can I use them in my case. So I'm attaching HJ log (wich is suspiciously long) and asking any kind soul with more knowledge on the subject two questions:
    1. Do I still have problems with malware?
    2. How to mend them?

    I use: Win XP, PC-Cillin, AdAware, Spybot S&D, SpywareBlaster

    Many thanks in advace!


    Logfile of HijackThis v1.99.1
    Scan saved at 14:26:36, on 24.4.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\totalcmd\TOTALCMD.EXE
    D:\install\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.copernic.com/explorer17/?l=ENG&e=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.copernic.com/home17/?l=ENG
    R3 - URLSearchHook: (no name) - {83B79436-C1A7-427B-B40D-689E9CC71FAE} - C:\PROGRA~1\COPERN~1\CO5F28~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe "
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.rdvsystems.com/ViewerInstall.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145871942765
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: bw+0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
    bwanaludo,
    #1
  2. 2006/04/24
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    bwanaludo - Welcome to the Board :)

    IAdHide5.dll (not ladHide5.dll :)) is associated with Backweb which is used by LogitechDesktopMessenger which is basically an autoupdater for Logitech software.

    I suggest you remove LogitechDesktopMessenger and check these lines in a new scan by HJT in Safe Mode and then hit Fix Selected ...

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    O18 - Protocol: bw+0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {A8E62E3B-CE5A-40EE-B469-B0FE16B15305} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    and these two which refer to missing files ....

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe (file missing)

    Turn off System Restore - your restore points will be infected, scan again and post another HJT log. When clean you can turn System Restore back on.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2006/04/25
    bwanaludo

    bwanaludo Inactive Thread Starter

    Joined:
    2006/04/24
    Messages:
    3
    Likes Received:
    0
    PeteC many thanks for your effort!

    I have done like you suggested. All the

    018 - Protocol... \Logitech\Desktop Messenger\...

    lines disappeared from the HJT log allready upon uninstall of the Desktop Messenger. (Safe mode, System restore off)

    I checked the other two lines regarding missing files and hit fix in HJT.


    018 - Protocol ...\msgrapp.dll

    is now gone,

    023 - Service: Norman... ...\nipsvc.exe

    reappeared. Norman is an AV SW I used to have, but uninstalled.

    Did a Reboot in Normal Mode, HJT Scan&Log.
    Here is the HJT log after those steps
    (wasn't sure if the decisive log is the one from Safe Mode or from Normal Boot?... I'm posting the one from Normal Boot).
    It look's nicer to me (it's quite a bit shorter anyway :) ), can I kindly ask for
    your opinion?


    Logfile of HijackThis v1.99.1
    Scan saved at 7:58:58, on 25.4.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\totalcmd\TOTALCMD.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\install\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.copernic.com/explorer17/?l=ENG&e=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.copernic.com/home17/?l=ENG
    R3 - URLSearchHook: (no name) - {83B79436-C1A7-427B-B40D-689E9CC71FAE} - C:\PROGRA~1\COPERN~1\CO5F28~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe "
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.rdvsystems.com/ViewerInstall.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145871942765
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
    bwanaludo,
    #3
  5. 2006/04/25
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Your log looks clean to me - I would not worry about the

    023 - Service: Norman... ...\nipsvc.exe

    as you know what it is - looks like the result of an incomplete uninstall to me.

    Turn System Restore back on and let us know if you have any further problems.
     
    PeteC,
    #4
  6. 2006/04/25
    bwanaludo

    bwanaludo Inactive Thread Starter

    Joined:
    2006/04/24
    Messages:
    3
    Likes Received:
    0
    PeteC thanks again, and thanks also for the offer to come back and nag with more problems if I run into them...
     
    bwanaludo,
    #5

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...