Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help Me! I Need It Bad!


  • This topic is locked This topic is locked
18 replies to this topic

#1 Butterfly3x5

Butterfly3x5

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 24 October 2006 - 10:22 AM

I have a ie popup saying Trojan-spy.win32@mx; where it directs me to purchase an antivirus software. I am also getting popups from Adult finder. Please help me. Below is my Hijackthis log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 10:15:06 AM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6906d5a946a14cbcad7ba4bd95a8c423
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6906d5a946a14cbcad7ba4bd95a8c423
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: bw+0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 24 October 2006 - 12:43 PM

Ok, I am bad! lol.... I didn't read the perparations guide first. So I am in the process of doing adaware scan #2. The first scan had 32 critical objects and I deleted them. So let me see what happens with scan #2 and hopefully after that I can move on to spybot. sorry
Hugs,
Lisa

#3 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 25 October 2006 - 07:03 AM

Well I followed all the steps in the Preparation Guide. It took me 6 scans with Adaware, but finally there was nothing showing up. I didn't do the windows update because I think I am a xp sp 2 user. Here is my hijack log after doing everything else. Thanks for the help!

Logfile of HijackThis v1.99.1
Scan saved at 6:57:32 AM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6906d5a946a14cbcad7ba4bd95a8c423
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6906d5a946a14cbcad7ba4bd95a8c423
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: bw+0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:45 PM

Posted 27 October 2006 - 12:44 PM

Helo Butterfly3x5,


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 02 November 2006 - 09:57 AM

Here's the report from smitfraudfix. does this have something to do with "adult" sites? If so someone has some explaning to do! lol My adult son better run for the hills.

SmitFraudFix v2.117

Scan done at 8:50:51.98, Thu 11/02/2006
Run from C:\Documents and Settings\LISA 1\Desktop\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\LISA


C:\Documents and Settings\LISA 1\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\LISA1~1\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\VideoCompressionCodec\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:45 PM

Posted 02 November 2006 - 01:02 PM

Hi Butterfly3x5,

does this have something to do with "adult" sites? If so someone has some explaning to do! lol My adult son better run for the hills.


No, I dont think so.


You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Edited by SifuMike, 02 November 2006 - 01:04 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 02 November 2006 - 07:46 PM

SmitFraudFix v2.117

Scan done at 18:25:29.76, Thu 11/02/2006
Run from C:\Documents and Settings\LISA 1\Desktop\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VideoCompressionCodec\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



Logfile of HijackThis v1.99.1
Scan saved at 6:43:27 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d781e3d6955a42f88ad5f58f22ad6e40
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d781e3d6955a42f88ad5f58f22ad6e40
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O18 - Protocol: bw+0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:45 PM

Posted 02 November 2006 - 08:45 PM

Hello Butterfly3x5,

Looks like we killed most of the infection, but see still have some items to clean up. :thumbsup:


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

Into Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe


"fix" all of these O18's:

O18 - Protocol: bw+0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Reboot to the Normal Mode.


Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :flowers:

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


Post a new Hijackthis log, the BitDefender log and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 02 November 2006 - 11:54 PM

BitDefender Online Scanner



Scan report generated at: Thu, Nov 02, 2006 - 22:45:43





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;







Statistics

Time
01:45:57

Files
875913

Folders
7790

Boot Sectors
3

Archives
20321

Packed Files
108379




Results

Identified Viruses
8

Infected Files
74

Suspect Files
2

Warnings
0

Disinfected
0

Deleted Files
146




Engines Info

Virus Definitions
312084

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09AC4975.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09AC4975.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09AC4975.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40393.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40393.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40393.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D7F7D3F.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D7F7D3F.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D7F7D3F.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F1A58A2.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F1A58A2.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F1A58A2.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14182DA7.htm=>(Quarantine-2)
Suspected of: Exploit.JS.CVE.2006.3730

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14182DA7.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14182DA7.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14255598.htm=>(Quarantine-2)
Suspected of: Exploit.JS.CVE.2006.3730

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14255598.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14255598.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2C2A71.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2C2A71.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2C2A71.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FFF0E09.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Winfixer.O

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FFF0E09.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FFF0E09.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\270208E4.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\270208E4.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\270208E4.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27125AD2.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27125AD2.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27125AD2.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271504CE.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271504CE.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271504CE.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271C58C7.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271C58C7.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271C58C7.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271F02C4.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271F02C4.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\271F02C4.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27222CC0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27222CC0.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27222CC0.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\272656BC.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\272656BC.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\272656BC.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29945134.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29945134.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29945134.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29BB4909.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29BB4909.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29BB4909.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C546FE.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C546FE.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C546FE.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C870FA.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C870FA.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C870FA.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1D349D.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1D349D.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1D349D.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF41263.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF41263.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF41263.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312E10D6.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312E10D6.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312E10D6.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313564CF.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313564CF.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313564CF.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37CD2F8D.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37CD2F8D.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37CD2F8D.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39397DFD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39397DFD.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39397DFD.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C311AB9.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C311AB9.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C311AB9.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F7D463E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F7D463E.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F7D463E.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FE44C5E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FE44C5E.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FE44C5E.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E504FEC.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E504FEC.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E504FEC.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F2F3B5C.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F2F3B5C.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F2F3B5C.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F700315.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F700315.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F700315.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D56369.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D56369.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D56369.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP174\A0024205.dll
Detected with: Application.Adware.NewDotNet.B

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP174\A0024205.dll
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP174\A0024205.dll
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP180\A0025664.EXE
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP180\A0025664.EXE
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP194\A0033337.dll
Infected with: Trojan.FakeAlert.DJ

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP194\A0033337.dll
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP194\A0033337.dll
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033433.EXE=>(Quarantine-2)
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033433.EXE=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033435.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033435.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033435.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033436.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033436.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033436.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033437.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033437.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033437.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033438.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033438.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033438.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033439.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033439.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033439.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033440.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033440.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033440.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033441.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033441.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033441.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033442.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033442.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033442.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033443.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033443.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033443.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033444.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033444.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033444.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033447.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033447.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033447.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033448.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACH

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033448.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP195\A0033448.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP196\A0035692.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP196\A0035692.exe
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP196\A0035692.exe
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP197\A0046981.exe
Infected with: MemScan:Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP197\A0046981.exe
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP197\A0046981.exe
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP197\A0047039.exe
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP197\A0047039.exe
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP197\A0047039.exe
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052760.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052760.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052760.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052761.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052761.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052761.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052762.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052762.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052762.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052763.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052763.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052763.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052764.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Winfixer.O

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052764.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052764.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052765.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052765.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052765.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052766.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052766.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052766.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052767.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052767.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052767.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052768.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052768.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052768.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052769.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052769.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052769.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052770.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052770.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052770.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052771.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052771.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052771.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052772.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052772.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052772.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052773.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052773.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052773.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052774.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052774.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052774.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052775.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052775.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052775.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052776.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052776.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052776.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052777.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052777.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052777.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052778.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052778.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052778.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052779.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052779.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052779.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052780.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052780.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052780.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052781.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052781.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052781.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052782.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052782.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052782.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052783.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052783.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052783.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052784.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Zlob.ACI

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052784.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP206\A0052784.exe=>(Quarantine-2)
Deleted




Logfile of HijackThis v1.99.1
Scan saved at 10:51:48 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d781e3d6955a42f88ad5f58f22ad6e40
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d781e3d6955a42f88ad5f58f22ad6e40
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O18 - Protocol: bw+0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59

#10 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 03 November 2006 - 12:03 AM

My computer is working great! Not slow and no silly pop-ups! Thanks! :thumbsup:
Butterfly3x5

#11 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:45 PM

Posted 03 November 2006 - 12:31 AM

Hello Butterfly3x5,

Not quite clean yet. We have minor cleanup to do.
I think you misunderstood me when I said "Fix" all the O18's and removed only one. :thumbsup:

*******************************************

Into Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.

O18 - Protocol: bw+0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B59F3926-5E06-462C-9633-19EFE9A23F05} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B59



*******************************************

Let's empty the temp files:

Run CCleaner.

*******************************************

Reboot to the Normal Mode and post a new Hijackthis log

Edited by SifuMike, 03 November 2006 - 12:31 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 03 November 2006 - 09:30 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:26:40 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d781e3d6955a42f88ad5f58f22ad6e40
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d781e3d6955a42f88ad5f58f22ad6e40
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#13 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:45 PM

Posted 03 November 2006 - 12:57 PM

Hello Butterfly3x5,



Your log looks clean! :thumbsup: Good job on the cleanup!

Lets clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.



Please read and follow Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 Butterfly3x5

Butterfly3x5
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 03 November 2006 - 02:02 PM

I am a little confused on the Rest & Re-enable System Resore. Do I do that first or is that what the directions will help me do. I just wanna make sure that I am doing everything right.
Thanks
Butterfly3x5

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:45 PM

Posted 03 November 2006 - 02:16 PM

Do I do that first or is that what the directions will help me do.



Do what first?
I dont understand your question. :thumbsup:

My directions are numberd 1,2,3 so just follow that.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users