A Boat Load Of Trojans! Smitfraud, Trojan.winshow.js.b, Trojan.winshow. Trojan.agent.em, Troj Agent.oz, Tro Dloader.qf,tro Startpag.re


37 replies to this topic

#1 pacificoast
Posted 23 October 2006 - 03:49 PM

Hello,

I'm sadly back again. I was here in the summer.

My computer has been acting up. Lots of activities that point to infection.

I also have seen my CPU usage jump and pretty much stay at 100% with no active applications open, virtually locked up, or locked up. Fan runs like crazy. My firewall was set to off, without me doing it. Poltergeist in this computer!

Prep work as listed on the *Before you post* section is complete. I'm sorry that this posting is so long, but I'm including virus scans as well as the HijackThis log.

I used Pandascan, and Bitdefender and my own Trendmicro ran overnight as well.

Results for Pandascan:

Incident Status Location

Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\Care2GTU.exe
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\a.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\Care2GTU\System\Code\bf.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\bq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\Care2GTU\System\Code\bs.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\dc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\dm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\du.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\dx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\i.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\j.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\p.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\q.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\s.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\Care2GTU\System\Code\t.class
Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx
Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\system32\wininet.dll
____________________________________________________

Results for Bitdefender:

BitDefender Online Scanner

Scan report generated at: Mon, Oct 23, 2006 - 01:53:21

Scan path: C:\;D:\;E:\;G:\;

Statistics
Time: 06:49:03
Files: 334952
Folders: 7504
Boot Sectors: 3
Archives: 13678
Packed Files: 24130

Results
Identified Viruses: 5
Infected Files: 21
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 36

Engines Info
Virus Definitions: 478181
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Laurie Gassman\My Documents\setup programs and downloads\kl210kppe.exe=>(Instyler o)=>(Instyler Module 8)
Infected with: DeepScan:Generic.Malware.SFN!.8E6A178B

C:\Documents and Settings\Laurie Gassman\My Documents\setup programs and downloads\kl210kppe.exe=>(Instyler o)=>(Instyler Module 8)
Disinfection failed

C:\Documents and Settings\Laurie Gassman\My Documents\setup programs and downloads\kl210kppe.exe=>(Instyler o)=>(Instyler Module 8)
Deleted

C:\Documents and Settings\Laurie Gassman\My Documents\setup programs and downloads\kl210kppe.exe=>(Instyler o)
Update failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F1E.tmp
Infected with: Trojan.Winshow.JS.B

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F1E.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F1E.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F1F.tmp
Infected with: Trojan.Winshow.JS.B

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F1F.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F1F.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F20.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Agent.BQ

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F20.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F20.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F21.tmp=>(Quarantine-4)
Infected with: Trojan.Winshow.125024.DLL

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F21.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F21.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F22.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Agent.BQ

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F22.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F22.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F23.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Agent.BQ

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F23.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F23.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F24.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F24.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F25.tmp=>(Quarantine-4)
Infected with: Trojan.Winshow.125024.DLL

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F25.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F25.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F26.tmp
Infected with: Trojan.Winshow.JS.B

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F26.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F26.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F27.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F27.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F28.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F28.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F29.tmp
Infected with: Trojan.Winshow.JS.B

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F29.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F29.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2A.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Agent.BQ

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2A.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2A.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2B.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Agent.BQ

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2B.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2B.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2E.tmp
Infected with: Trojan.Winshow.JS.B

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2E.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F2E.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3C.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Agent.BQ

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3C.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3C.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3D.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3D.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3F.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F3F.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F40.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F40.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F41.tmp=>(Quarantine-4)
Infected with: Trojan.Agent.EM

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F41.tmp=>(Quarantine-4)
Deleted

_____________________________________________

Results for Trendmicro (mine):

TROJ AGENT.OZ

TRO DLOADER.OF

TRO STARTPAG.RE

TRO DLOADER.QF

TRO STARTPAG.RE

TRO DLOADER.QF

TROJ AGENT.OZ

TROJ AGENT.OZ

TROJ AGENT.OZ

TROJ AGENT.OZ

_________________________________________

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:06:33 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Anti Spyware\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://antwrp.gsfc.nasa.gov/apod/"); (C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Profiles\default\sjpqhko3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Profiles\default\sjpqhko3.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
O9 - Extra button: Bugnosis - {630CB4FA-AA9E-4bf2-BBD1-81C239203E2F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d.../wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...n/x86/client/wuweb_site.cab?1161192991961
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...mcfscan/2,0,0,4529/mcfscan.cab
O18 - Protocol: bw+0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc.

- C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend

Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro

Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VAIO Media Music Server (Application)

(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner -

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe"

/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO

Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP)

(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program

Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe"

/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony

Corporation\VAIO Media Platform\2.0"

/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)

(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\VAIO Media

Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application)

(VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner -

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)

(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program

Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe"

/Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony

Corporation\VAIO Media Platform\2.0"

/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)

(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\VAIO Media

Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

_______________________________________________

After doing all the scans, things seem a little less unstable, but not good at all!!!!

Not sure I listed all the trojans, and didn't list the spyware, etc. But it should be in the logs. Thought I'd run out of space in the heading.

Thanks for any and all help!

pacificoast

Edited by pacificoast, 23 October 2006 - 03:54 PM.
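Added note, not part of the original thread: the O18 section of the log above is long mostly because Logitech Desktop Messenger registers one protocol handler per name against the same CLSID and the same DLL, so the first thing a triager does is collapse those to one row per (CLSID, DLL) and pull out only the entries HijackThis marks "(file missing)", the O23 services it reports as "Unknown owner", and anything whose path points into a user-writable folder. The Python below is an added example, not HijackThis code and not written by anyone in this thread; it parses O18/O20/O23 lines in the v1.99 format shown above. Its sample input reuses lines from the posted log plus one constructed O23 line (service "Example Helper", path under Local Settings\Temp) that exists only to show what the path heuristic flags.

```python
"""Triage helpers for HijackThis v1.99 O18 / O20 / O23 lines (added example)."""
import re
from collections import Counter

# Sample input: O18/O20/O23 lines copied from the log posted above, plus one
# CONSTRUCTED O23 line ("Example Helper") that only exists to exercise the
# user-writable-path heuristic.
SAMPLE_LOG = r"""
O18 - Protocol: bws0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\exhelper.exe
"""

# One pattern per section; the " - " separators are what HijackThis emits.
_PATTERNS = {
    "O18": re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$"),
}

# Folders a service or protocol-handler DLL has no business living in.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_hjt(text):
    """Return one dict per recognised O18/O20/O23 line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in _PATTERNS.items():
            m = rx.match(line)
            if not m:
                continue
            e = m.groupdict()
            e["kind"] = kind
            # HijackThis appends "(file missing)" when the target is not on disk.
            e["file_missing"] = e["path"].endswith("(file missing)")
            e["path"] = e["path"].replace("(file missing)", "").strip().strip('"')
            entries.append(e)
            break
    return entries


def suspicious_path(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(entries):
    """Bucket entries by the things a reviewer checks first."""
    findings = {"file_missing": [], "unknown_owner": [], "user_writable_path": []}
    for e in entries:
        label = f'{e["kind"]} {e["name"]}'
        if e["file_missing"]:
            findings["file_missing"].append(label)
        # "Unknown owner" only means the binary carries no CompanyName in its
        # version resource; it is a prompt to verify the file, not a verdict.
        if e["kind"] == "O23" and e["owner"] == "Unknown owner":
            findings["unknown_owner"].append(label)
        if suspicious_path(e["path"]):
            findings["user_writable_path"].append(label)
    # Dozens of O18 lines sharing one CLSID and DLL are one handler, not dozens.
    findings["protocol_handlers"] = dict(
        Counter((e["clsid"], e["path"]) for e in entries if e["kind"] == "O18")
    )
    return findings


if __name__ == "__main__":
    for bucket, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(bucket)
        if isinstance(items, dict):
            for (clsid, dll), n in items.items():
                print(f"  {n:3d} x {clsid} -> {dll}")
        else:
            for item in items:
                print(f"  {item}")
```

On the sample above this reports msnim as file-missing (a dead registration, harmless but removable), two "Unknown owner" services (Ati2evxx.exe is the legitimate ATI hotkey poller, which is exactly why that bucket is a list to verify rather than a list to delete), and only the constructed Temp-folder service as path-suspicious. The Logitech lines fold into a single handler with a count.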




#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 29 October 2006 - 11:57 PM

Hello pacificoast,


Since you are so infected, I want you to run some additional scans.

***************************************************


Please download, update and run a-squared Free 2.0

Select the "Deep Scan" button and press the Scan button.

If malware is found, click the button "Remove Selected Malware"
and save the log file by clicking on "Save Report".

Let it delete whatever it finds.

***************************************************



Download and install AVG Anti-Spyware 7.5 (formerly Ewido)

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
5. Click on "Save Report" to view all completed scans.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware 7.5

When done, submit the AVG Anti-Spyware 7.5 log report and a fresh HijackThis log.

Note: Please make sure that Word Wrap is turned OFF in Notepad before you copy and paste the HijackThis log here. Take a look at the log you just posted. It's an eye killer
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 pacificoast

pacificoast
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Location:Baltimore, Maryland
  • Local time:07:48 AM

Posted 30 October 2006 - 10:54 AM

Hi SifuMike--

Thanks!

See you later, when completed.

pacificoast

Edited by pacificoast, 30 October 2006 - 11:06 AM.


#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 30 October 2006 - 10:58 AM

a-squared Free 2.0 is free :thumbsup: That is the one to run.

Edited by SifuMike, 30 October 2006 - 11:01 AM.


#5 pacificoast

pacificoast
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Location:Baltimore, Maryland
  • Local time:07:48 AM

Posted 30 October 2006 - 11:11 AM

Thanks SifuMike--

Yeah, yeah, braincramp! I got it. :thumbsup:

pacificoast

#6 pacificoast

pacificoast
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Location:Baltimore, Maryland
  • Local time:07:48 AM

Posted 30 October 2006 - 02:34 PM

Hi :thumbsup:

I downloaded and ran a-squared Free 2.0, but may have screwed this up already by my caution in deleting things. I read about Heuristic Dialers and decided that at least two of those were legitimate, and so restored them from the quarantine section. I also (obviously) quarantined what it found, including some cookies, because I recognized at least a couple of them, one for a browser and the other for a site which I get sick of signing into.

I also read the compatibility warnings on AVG Anti-Spyware 7.5 (formerly Ewido), and can't find my virus program listed in their listing for compatible programs. I am running TrendMicro PC-cillin 2006. I have heard that you cannot run two virus programs at once, and am unsure of what this will do to the functionality of mine, given that AVG doesn't list it as safe to run in tandem. Here's the list: Compatibility

Please advise me as to what to do.

pacificoast

Edited by pacificoast, 30 October 2006 - 02:35 PM.


#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 30 October 2006 - 04:25 PM

I also read the compatibility warnings on AVG Anti-Spyware 7.5 (formerly Ewido), and can't find my virus program listed in their listing for compatible programs. I am running TrendMicro PC-cillin 2006. I have heard that you cannot run two virus programs at once, and am unsure of what this will do to the functionality of mine, given that AVG doesn't list it as safe to run in tandem. Here's the list: Compatibility

Please advise me as to what to do.



Hi pacificoast,

You don't need to worry, as all the major antivirus programs work with AVG Anti-Spyware 7.5 (formerly Ewido).

existing programs are compatible with AVG Anti-Spyware
PC-Chillin Internet Security Trend Micro
PC-Cillin Trend Micro, Inc





It is true that you should not run two antivirus programs in memory at the same time, but AVG Anti-Spyware 7.5 is not an antivirus program. It is an anti-spyware program.

So go back to my directions in the previous post and run it. :thumbsup:

Edited by SifuMike, 30 October 2006 - 04:28 PM.


#8 pacificoast

pacificoast
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Location:Baltimore, Maryland
  • Local time:07:48 AM

Posted 30 October 2006 - 04:47 PM

SifuMike,

Thank you.

I am SUCH a Virgo!

(. . . and muching on eyeball candies) Muhahahaha!!!!!!!!!!!!!!!!

Back later. Thanks!

pacificoast

Sorry on the wordwrap. Will do. It drove me nuts too! I took it off wordwrap before posting, but it seemed somehow wrong!!!

Edited by pacificoast, 30 October 2006 - 06:27 PM.


#9 pacificoast

pacificoast
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Location:Baltimore, Maryland
  • Local time:07:48 AM

Posted 31 October 2006 - 10:28 AM

Good morning, and Happy Halloween, SifuMike-

Wordwrap is off!! Sorry.

Scans are done.

AVG Anti-Spyware 7.5 log report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:23:42 AM 10/31/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{677F1711-9252-F24B-4D54-8BE119CD9837} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B2CEAC62-786C-911B-9FC6-E8983E655D36} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BB540F8A-4134-49B4-F1C4-4452D5210129} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF756452-2FA2-7C43-6CAF-070E594D543C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87} -> Downloader.Fugif : Cleaned with backup (quarantined).
C:\Documents and Settings\Laurie Gassman\Cookies\laurie gassman@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Laurie Gassman\Cookies\laurie gassman@ezgreets.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Laurie Gassman\Cookies\laurie gassman@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.52:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.54:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.10:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Laurie Gassman\Cookies\laurie gassman@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.36:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.76:C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Firefox\Profiles\hhw3p6hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Laurie Gassman\Cookies\laurie gassman@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Laurie Gassman\Cookies\laurie gassman@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

__________________________________________________________

HJThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:30 AM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Anti Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Anti Spyware\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://antwrp.gsfc.nasa.gov/apod/"); (C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Profiles\default\sjpqhko3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Laurie Gassman\Application Data\Mozilla\Profiles\default\sjpqhko3.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
O9 - Extra button: Bugnosis - {630CB4FA-AA9E-4bf2-BBD1-81C239203E2F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161192991961
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...529/mcfscan.cab
O18 - Protocol: bw+0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Anti Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

______________________________

Thanks for your time and attention.

pacificoast

#10 SifuMike

    malware expert

Posted 31 October 2006 - 11:15 AM

Hi Pacificoast,

Happy Halloween. :thumbsup:

Now we will remove some items from your log.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Your old version is Java jre1.5.0_06.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

In Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "Fix".



I don't believe Logitech Desktop Messenger is something you will ever miss, but instead of uninstalling it, just follow my instructions below, which will stop it running but still leave it available for you to run manually, should you so desire...

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)


"Fix" all of these O18's:

O18 - Protocol: bw+0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


*******************************************

Next, we're going on a file hunt. :flowers:
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx <==file
C:\Program Files\Care2GTU\ <== folder
C:\WINDOWS\Downloaded Program Files\WUInst.inf <==file

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Finally, reboot to Normal Mode and post a new HijackThis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
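The post above works through the HijackThis log by grouping: fifty-odd O18 lines collapse into one fix because they all register the same CLSID and the same Logitech DLL, and the "(file missing)", "(no file)" and "Unknown owner" markers are what the helper looks at first. The script below is an added example of that triage, not part of the original thread and not HijackThis code. It parses the O4/O9/O18/O20/O23 line formats shown in the log, groups the O18 handlers by (CLSID, DLL path), and reports the same kinds of findings. The sample lines are constructed from this thread; the regular expressions, the grouping threshold and the "Unknown owner" heuristic are this example's own assumptions rather than HijackThis rules.

```python
"""HijackThis log triage helper.

Added example for this thread; it is not HijackThis code and not part of
the original post. It parses the O4/O9/O18/O20/O23 line formats seen in the
log above and groups O18 protocol handlers by the CLSID and DLL they resolve
to, which is what turns the many Logitech 'bw?0' entries into a single fix.
The sample lines are constructed from the thread; the regular expressions
and the "Unknown owner" / "(file missing)" heuristics are this example's
own assumptions, not HijackThis rules.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
O18 - Protocol: bwz0 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6BD549C5-CF0B-4166-9C75-771272397875} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

MISSING = "(file missing)"

# One pattern per section, following the layout HijackThis prints for it
# (patterns are this example's reading of the lines above, not an official grammar).
_PATTERNS = {
    "O4":  re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"),
    "O9":  re.compile(r"^O9 - Extra button: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$"),
    "O18": re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<rest>.+)$"),
}


def _split_path(rest):
    """Separate the file path from HijackThis's missing-file markers and strip quotes."""
    rest = rest.strip()
    if rest == "(no file)":          # O9 buttons that point at nothing
        return "", True
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].strip()
    return rest.strip('"'), missing


def parse_line(line):
    """Return a dict for a recognised O4/O9/O18/O20/O23 line, else None."""
    line = line.rstrip()
    section = line.split(" ", 1)[0]
    pattern = _PATTERNS.get(section)
    match = pattern.match(line) if pattern else None
    if match is None:
        return None
    entry = {"section": section, **match.groupdict()}
    if "rest" in entry:
        entry["path"], entry["missing"] = _split_path(entry.pop("rest"))
    return entry


def parse_log(text):
    """Parse every recognised line of a log; unknown sections are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def group_protocols(entries):
    """Collapse O18 entries onto the handler they resolve to, keyed by (CLSID, DLL path)."""
    groups = defaultdict(list)
    for e in entries:
        if e["section"] == "O18":
            groups[(e["clsid"], e["path"])].append(e["name"])
    return dict(groups)


def triage(entries, bulk_threshold=2):
    """Flag what a log helper looks at first; the threshold is this example's choice."""
    findings = []
    for e in entries:
        if e["section"] == "O23" and e["owner"] == "Unknown owner":
            findings.append(f"O23 service marked 'Unknown owner': {e['name']} -> {e['path']}")
        if e.get("missing"):
            findings.append(f"{e['section']} entry points at a file that is gone: {e['name']}")
    for (clsid, path), names in group_protocols(entries).items():
        if len(names) >= bulk_threshold:
            findings.append(
                f"{len(names)} O18 protocols share handler {clsid} -> {path}; one fix covers all of them")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the full log, the grouping step is what justifies telling the user to "fix" every bw*0 entry at once: they are one registration repeated under many protocol names, not fifty separate problems. The "Unknown owner" and missing-file findings are only a reading order for a human, not a verdict; a legitimate driver helper can lack publisher information and a stale entry for an uninstalled program is clutter rather than infection.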

#11 pacificoast

  • Topic Starter

Posted 31 October 2006 - 02:15 PM

Virgo here...

Java Web Start, as well?

pacificoast (on the east coast)

#12 SifuMike

    malware expert

Posted 31 October 2006 - 02:19 PM

Hi

You lost me. :thumbsup: Where are you seeing Java Web Start ?

#13 pacificoast

  • Topic Starter

Posted 31 October 2006 - 02:32 PM

MUUUU AH HAH HAH HAH!

Still on the Halloween thing...

Sorry!!! My head is a scary place for others. Thanks for your patience, SifuMike.

I'm seeing it in Add/Remove Programs, in Control Panel.

#14 SifuMike

    malware expert

Posted 31 October 2006 - 02:34 PM

Just leave it alone. :thumbsup:

#15 pacificoast

  • Topic Starter

Posted 31 October 2006 - 02:37 PM

Thanks!! See you! :thumbsup:



