Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet/windows Explorer


  • This topic is locked This topic is locked
6 replies to this topic

#1 timm

timm

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 20 June 2006 - 06:08 PM

Ok, well this started a few months ago where I saught help, and It was never fixed. basically what happens is whenever I launch internet explorer it gives me an error saying that it encountered an error and needs to close. It used to also say "dr-watson debugger encountered an error" but I think that part was fixed. However I got that message like 5 minutes ago while trying to delete a file so maybe it's not. I'm totally clueless about what to do and any help would be so appreciated:D heres a hijack this log. I don't get any errors when I use firefox. Thanks in advance:D

Logfile of HijackThis v1.99.1
Scan saved at 6:07:21 PM, on 20/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Timm\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\MediaExe\PreODM.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: NameServer = 192.168.2.1
O18 - Protocol: bw+0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DLBTCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTserv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

BC AdBot (Login to Remove)

 


m

#2 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 21 June 2006 - 12:02 AM

Hi timm -

Welcome to BleepingComputer!

Before we begin, I need some information from you.

1. Is sympatico.ca (or Bell Canada) your Internet provider?
2. Do you have a router and, if so, what is the router's IP address?
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#3 timm

timm
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 21 June 2006 - 01:29 PM

Yes sympatico is my ISP and so is rogers. I think i have a router, I mean, we're on a wireless network, and all our computers connect ip address though a main box. Im not sure how to get my ip though.

Edited by timm, 21 June 2006 - 03:33 PM.


#4 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 22 June 2006 - 02:44 AM

Hi timm -

Okay. Thanks for the info.

• I see that you have no Anti-Virus program ("AV") present on your system. While you have an anti-spyware program installed, you also need an AV program installed. Otherwise, the effort that we are expending in cleaning your system will rendered moot since it's a very good chance that you will become re-infected.
Please install an Anti-Virus program.
AVG -or- AntiVirฎ -or- Avast are good FREE Anti-Virus programs.
Never install more than one AV scanner on your system! Having more than one AV installed will likely cause your system to become unstable and seriously decrease the reliable detection of any malware.
Let your Anti-Virus perform a full scan and let it delete everything it finds.

• I also see that there is no software Firewall program present on your system. This will greatly help in preventing your system from being infected by malware. Please install a Firewall program.
ZoneAlarm -or- Agnitum Outpost Free -or- Kerio are good FREE software Firewall programs.
See, Understanding and Using Firewalls

• Lastly, you have Limewire installed on your computer. As you may (or may not) know, Limewire comes bundled with spyware. The only version of Limewire that I as aware of that does not come bundled with spyware is version 4.10.9.
If you wish to use Limewire and you do not have the above-mentioned version of Limewire, then I recommend that you uninstall the version that you have. You can then download Limewire version 4.10.9 and install it.
If you wish to uninstall the version of Limewire that you have:
- Open the LimeWire folder.
- Then open the folder UninstallerData.
- Double click the icon named Uninstall LimeWire or something alike.
- Follow the on screen prompt to uninstall the program.
Reboot your computer!

• Start Hijackthis, click System Scan Only and place a checkmark next to the following items:
R3 - Default URLSearchHook is missing
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab


If you uninstalled Limewire version on your system, then also place a checkmark next to the following item:
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Close ALL browsers and open windows and click 'Fix Checked'.

• If you uninstalled Limewire, navigate to and delete the following folder if present:
C:\Program Files\LimeWire <-- this folder

• You have an outdated version of Java which needs to be updated.
To update Java:
- Go to Start -> Control Panel -> Add/Remove programs
- Search in the list for all previous installed versions of Java. (J2SE Runtime Environment...)
- Select the version(s) and click Remove
- Then download and install the newest version from here and install the program.

• Reboot after installation.

• Now download ATF Cleaner by Atribune and save it to your desktop.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose:
Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the
prompt.
If you use Opera browserClick Opera at the top and choose:
Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the
prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each
menu.


• Next perform this online scan: Kaspersky Online Scanner. You will need to use Internet Explorer.
1. Read the Requirements and Privacy statement, then select Accept
2. A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select Install to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click Allow
5. When the download is complete it will say ready, click Next
6. Click Scan Settings and check the option to use the EXTENDED DATABASE, then click OK
7. Select a target to scan: Click on My Computer
8. When the scan is complete choose to save the results as Save as Text


• Post back with results of the Kaspery Online scan and a new HijackThis log. Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#5 timm

timm
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 22 June 2006 - 01:35 PM

Thanks for the help:D. I have done everything you have asked(I think?). Heres the new hijackthis log, and the kasperky report.

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 1:31:39 PM, on 22/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Timm\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\MediaExe\PreODM.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [OSCD_Creator] c:\Dell\MediaExe\PreODM.EXE /2
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C9F7A5D-ECAB-4F59-A16E-4D713ECCD694}: NameServer = 192.168.2.1
O18 - Protocol: bw+0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {1FF30DA0-F9D9-4D09-833B-7E8FA3FDC75E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DLBTCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTserv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intelฎ Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, June 22, 2006 1:27:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 22/06/2006
Kaspersky Anti-Virus database records: 202051
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 56315
Number of viruses found: 11
Number of infected objects: 82
Number of suspicious objects: 0
Duration of the scan process: 00:37:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00623DAE.exe Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\073F7A21 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0742241D Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0742241D.exe Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08067B46.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08067B46.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08067B46.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08067B46.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08067B46.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08067B46.exe CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08132337.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08132337.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08132337.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08132337.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08132337.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08132337.exe CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08174D34.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08174D34.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08174D34.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08174D34.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08174D34.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08174D34.exe CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082D731B.exe Infected: Trojan-Downloader.Win32.Small.bws skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082D731B.tmp Infected: Trojan-Downloader.Win32.Small.bws skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D413984.exe Infected: Trojan-Downloader.Win32.IstBar.nl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18CE00BA.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18CE00BA.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18CE00BA.zip CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C853AA4.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E213ACC.tmp Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27BB47CE.tmp Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\298E6CD4.tmp Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D482DCD.tmp Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DAA27C6 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\307E6103.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\307E6103.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\307E6103.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\307E6103.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\307E6103.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\307E6103.exe CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E73612F Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50083AE7.tmp Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\550271AF Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EBF50FE.tmp Infected: Trojan-Downloader.Win32.Small.bws skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC93DD8.tmp Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B62732F.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B62732F.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B62732F.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B62732F.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B62732F.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B62732F.exe CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B72451D.exe Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E415A06.anr Infected: Trojan-Downloader.Win32.Ani.c skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034321.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034321.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034321.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034321.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034321.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034324.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034324.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034324.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034324.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034324.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034326.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034326.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034326.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034326.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034326.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034327.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034327.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034327.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034327.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0034327.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044771.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044771.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044771.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044793.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044793.exe mIRC: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044811.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044811.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0044811.exe NSIS: infected - 2 skipped

Scan process completed.


I had a glance at that log and where it says "sc-keylogger" I think thats just it finding the one I use to monitor my computer. However, I rarely look at it, so deleteing it isn't a problem. Also was that Kaspersky scan supposed to remove what it found? Because I don't think it did. When I ran the scan in IE I didn't get the error I usually do, so perhaps it's fixed:D

Edited by timm, 22 June 2006 - 01:36 PM.


#6 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 27 June 2006 - 04:55 PM

Hi timm -

My apologies. I didn't see your reply until now. Your log looks clean. What's leftover are infected files which Norton AntiVirus quarantined and your System Restore points.

• First, delete the infected files in the Quarantine folder by following these steps:
- Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
- Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.
- Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
- Select the item you wish to remove and click on RED 'X' icon to delete it.
- This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.
- Repeat for any other quarantined files you want to remove.
- When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

• If you have not done so, please empty your Recycle Bin.

• Create a new Restore Point:
- Go to Start -> All Programs -> Accessories -> System Tools -> System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

• Delete the old Restore Points:
- Go to Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.

:!: Reboot your computer.

• To keep this clean in the future, I would suggest the following things:

• Install Spywareblaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

• Download ATF Cleaner by Atribune and save to your desktop.
This program is for XP and Windows 2000 only
This is a good program for periodically cleaning your system. Instructions are here

* Avoid illegal sites because that's where most malware is present.
* Don't click on links inside pop-ups.
* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.

• Let your anti-spyware scanner(s) scan frequently and don't forget to update before scanning.

• I suggest you perform an online virus-scan once in a while (Housecall and/or Bitdefender) because what one virus-scanner can't find, another one maybe can.
Also, make sure that your virus-scanner, the one that is already installed on your system, is always up to date!

• Make sure your Windows has the latest updates by going here.

• Consider switching to Mozilla Firefox.
This browser is considered to be far more secure than Internet Explorer and offers improved pop-up blocking. If you do decide to install Firefox, please read Switching from IE to Firefox.

• More information on how to prevent malware can be found at So how did I get infected in the first place? (by Tony Klein) and Malware Prevention: Prevent Re-infection.

Happy surfing again! :thumbsup:
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#7 waterfalls

waterfalls

    Malware Exorcist


  • Staff Emeritus
  • 621 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 12 July 2006 - 05:20 PM

Due to a lack of response ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users