Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • This topic is locked This topic is locked
7 replies to this topic

#1 roadstar7

roadstar7

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 15 February 2007 - 02:16 PM

Hi,

Since the weekend my PC is running incredibly slowly - takes about 5 minutes from choosing my user profile to the desktop icons actually being responsive. I have run Spybot search and destroy, Ad-Aware SE and AVG Anti-spyware and now I'm posting my hijackthis log and startup list for a little help. I'd be happy to pare the startup list back to an absolute minimum so advice on what I can get rid of will be appreciated. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 18:36:00, on 15/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\BT Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?61210369f9c0424da67a4cf5e0084f29
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?61210369f9c0424da67a4cf5e0084f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


StartupList report, 15/02/2007, 18:36:34
StartupList version: 1.52.2
Started from : C:\Program Files\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\BT Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.26-delta.exe
C:\Program Files\HJT\HijackThis.exe
c:\d105201ca01348667d05\mrtstub.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
Corel Photo Downloader = C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Motive SmartBridge = C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
YBrowser = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Yahoo! Pager = C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\notepad.exe" "%1"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll - {4D25F921-B9FE-4682-BF72-8AB8210D6D75}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Yahoo!\Common\YIeTagBm.dll - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}
(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\SET62.tmp => C:\WINDOWS\system32\wininet.dll|C:\WINDOWS\system32\SET63.tmp => C:\WINDOWS\system32\urlmon.dll|C:\WINDOWS\system32\SET64.tmp => C:\WINDOWS\system32\shlwapi.dll|C:\WINDOWS\system32\SET65.tmp => C:\WINDOWS\system32\shdocvw.dll|C:\WINDOWS\system32\SET6A.tmp => C:\WINDOWS\system32\mshtml.dll|C:\WINDOWS\system32\SET72.tmp => C:\WINDOWS\system32\browseui.dll|C:\WINDOWS\system32\SET74.tmp => C:\WINDOWS\system32\xpsp3res.dll||?

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

none = C:\Program Files\Key Generator\pmsngr.exe

--------------------------------------------------

End of report, 9,133 bytes
Report generated in 0.062 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:26 PM

Posted 28 February 2007 - 02:45 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.

During the cleaning process, if any other issues appear, please let us know.
If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:26 PM

Posted 01 March 2007 - 03:11 PM

Step 1

I noticed that you have some programs that need to be updated.

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • On your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.

Your "Adobe Reader" is out of date.
You may want to download the latest version, Adobeģ Readerģ 8.

Step 2

To help prevent further infection, please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Step 3

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.
  • Open AVG Anti-Spyware
  • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
  • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates .
  • Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Scan With AVG Anti-Spyware
  • Close ALL open Windows / Programs / Folders. Reboot to Safe Mode. (without networking support !) If you donít know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
  • Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All boxes should be checked.
      • Under Possibly unwanted software:
        • All boxes should be checked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine , if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in Normal Mode.
Step 4

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that canít be cleaned / deleted, please write down the filenames and locations and post that in your reply.

Step 5

ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 6

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any): Do not worry if they are not there. If you updated Java and Adobe, these files may be gone or replaced with the new version.

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll


These are optional fixes.
These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

Dell's MyWay process can be removed to free up resources without compromising system performance. Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. If you do not use this, I recommend that you remove it. Please follow the Removal instructions. Additional information on removing MyWay. Item(s) to fix in HijackThis:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll


ehtray.exe (Windows XP Media Center Edition 2005) process can be removed to free up resources without compromising system performance. Enables the user to access Windows Messenger from within Media Center. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

ISUSPM Startup ISUSPM.exe ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so youíre always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

issch.exe ISUSScheduler ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so youíre always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

DLACTRLW.EXE (Sonic CD/DVD burning applications) process can be removed to free up resources without compromising system performance. Related to Sonic CD/DVD burning applications. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

bthelpnotifier or bthelpnotifier.exe process can be removed to free up resources without compromising system performance. bthelpnotifier.exe is BT Broadband Help Alerts and is a process installed alongside BT Broadband which provides additional configuration options for this product. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe

ybrwicon.exe (BT Yahoo Browser ) process can be removed to free up resources without compromising system performance. ybrwicon.exe is a part of the Yahoo Browser, and offers an easy to use icon for this product. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

Logi_MwX.exe (Logitech Mouseware) process can be removed to free up resources without compromising system performance. Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

mmtask or mmtask.exe process can be removed to free up resources without compromising system performance. mmtask.exe is a process belonging to MusicMatch Jukebox. MusicMatch Jukebox is an application used to organize and play multimedia files. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to Itunes MP3 streaming tool by Apple which allows you to play MP3's. This process speeds up iTunes when it starts, and the program also monitors for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

DSAgnt.exe (Dell Support Agent ) process can be removed to free up resources without compromising system performance. Dell Support Agent offers additional support and update features for your Dell computer or laptop. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

msnmsgr.exe (MSN Messenger From Microsoft) (Windows Messenger) is the Microsoft instant messaging program built into Windows XP. There is also a Windows Messenger service built into Windows XP that helps produce pop up ads via IP addresses. The two programs are completely separate and do different things even though Microsoft has essentially named them the same. MSN Messenger from Microsoft is an online chat, instant messaging program and file sharing program bundled with Windows and Microsoft Office. MSN Messenger is another chat program from Microsoft that can run simultaneously with Windows Messenger. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger".
Item(s) to fix in HijackThis:
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Rename the "Windows Messenger" folder
  • Using Windows Explorer (Windows + E), click C: \Program Files\ Messenger.
  • Right click on Messenger. Select Rename.
  • Change the name to MessengerDisabled or MessengerOld.
  • You will get a message, Renaming, moving or deleting "Messenger" could make some programs not work. Are you sure you want to do this?
  • Click the Yes button.
acstart16.exe (autocad startup accelerator) process can be removed to free up resources without compromising system performance. Preloads some libraries that are used by AutoCAD in order to make the software load faster. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. idrivert.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for the service identified in the 023 line of HijackThis and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

ipodservice.exe is a process belonging to Apple's iTunes peer-to-peer download tool. The ipodservice.exe process is a utility used to download mp3 files for your iPod. If you do not use it, or do not have an iPod, you can safely disable this process. This process can be removed to free up resources without compromising system performance. It is advised that you disable this program so that it does not take up necessary resources. To disable ipodservice, click Start > Settings > Control Panel > Performance and Maintenance > Administrative Tools > Services. Find the IpodService, Right-click and select Properties. Change the setting in StartUp type: to Disabled or click Start > Run. Type services.msc Find the IpodService, Right-click and select Properties. Change the setting in StartUp type to Disabled to disable the service.

You appear to have a program on your system called Logitechģ Desktop Messenger. This is a background process that can automatically access the Internet without your knowledge or permission. Although it does provide updates for your Logitech products, the fact that it can access the Internet without your consent is potentially dangerous. It does download and update your Logitech products but this can be done manually by visiting the Logitech web site. My advice would be to uninstall this program (Start > Control Panel > Add or Remove Programs) but this is entirely your decision. I suggest doing all updates yourself and removing this application!
Should you wish to uninstall the program, please follow these instructions.
  • Click Start.
  • Click Control Panel.
  • Double click Add or Remove Programs.
  • When the list has generated, scroll to Logitech Desktop Messenger.
  • Click Logitech Desktop Messenger to highlight it .
  • Click the button, Change/Remove.
  • Close Add or Remove Programs and Control Panel.
Or use this method:
Go to Start > All Programs > Logitech and select Desktop Messenger.
There are two check boxes which are self-explanatory. If you wish to stop the notifications, uncheck both boxes. The boxes are:

"Notifications about available Logitech software upgrades"
"Notifications about Logitech products, services, and special offers"

Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EE8E73E1-C402-44BD-A961-A852B8357B4B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 7

Letís run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

[color="blue"]Step 8

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that canít be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 roadstar7

roadstar7
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 07 March 2007 - 03:20 PM

wow, that took three sessions to get through, but thanks.

this is the result of the first online scan (with the computer association one):

crtdcghcn.jar-1e1cf1c9-31f7165d.zip>BaaaaBaa.class Java/ByteVerify!exploit
cannot cure
C:\Documents and Settings\01Steve\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\

crtdcghcn.jar-1e1cf1c9-31f7165d.zip>VaaaaaaaBaa.class Java/ByteVerify!exploit
cannot cure
C:\Documents and Settings\01Steve\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\

crtdcghcn.jar-1e1cf1c9-31f7165d.zip>Baaaaa.class Java/Shinwow.BJ
cannot cure
C:\Documents and Settings\01Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

crtdcghcn.jar-37bd576f-21b98790.zip>BaaaaBaa.class Java/ByteVerify!exploit
cannot cure
C:\Documents and Settings\01Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

crtdcghcn.jar-37bd576f-21b98790.zip>VaaaaaaaBaa.class Java/ByteVerify!exploit cannot cure C:\Documents and Settings\01Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

crtdcghcn.jar-37bd576f-21b98790.zip>Baaaaa.class Java/Shinwow.BJ
cannot cure
C:\Documents and Settings\01Steve\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

The other two I used (Windows Live Safety Centre and the "Trend" Scanner) gave no files that could not be deleted

Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 18:25:30, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?61210369f9c0424da67a4cf5e0084f29
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?61210369f9c0424da67a4cf5e0084f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

and the AVG Anti-spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:05:21 07/03/2007

+ Scan result:



Nothing found.



::Report end




The buttons were responsive much quicker than before when booting up

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:26 PM

Posted 08 March 2007 - 03:39 PM

Step 1

ByteVerify!exploit indicates that we need to clear your Java cache.

Clearing the Java Plug-in cache ensures that the browser loads the latest versions of Java applications and applets. To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the Control Panel-Classic View. (The "Java Control Panel" appears.)
  • Click the General tab.
  • Under Temporary Internet Files, click Settings (The "Temporary Files Settings" window appears.)
  • In the Temporary Files Settings window, click the Delete Files... button. (The "Delete Temporary Files" window appears.)
  • In the Delete Temporary Files window, there are two options on this window:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK. (The "Java Control Panel > General" tab appears.)
  • Click OK on the Temporary Files Settings window.
  • Note: Click on the "Java" tab.
    • If you want to view a specific applet, click the "View " button under the "Java Applet Runtime Settings".
    • If you want to Find, Add, or Remove an application from the cache, click the "View" button under "Java Application Runtime Settings."
  • If needed, see the Clear the Java Cache Tutorial.
Step 2
Please disconnect from the Internet. Please close ALL browser windows (including this one).

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any): Do not worry if they are not there.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 3

Letís run ATF-Cleaner again to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 4

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 roadstar7

roadstar7
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 13 March 2007 - 02:40 PM

Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:36:56, on 13/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Broadband 210\Help\bin\mpbtn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?61210369f9c0424da67a4cf5e0084f29
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?61210369f9c0424da67a4cf5e0084f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


PC is running a lot smoother now thanks

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:26 PM

Posted 13 March 2007 - 05:19 PM

You are welcome. I am glad we could help.

Your log appears to be clean. Please advise me of any problems you still have.

Tools Downloaded To Clean Your Computer
I asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight the program, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  • Ad-Aware SE Personal Edition scans, detects, and removes spyware on your computer.
  • ATF-Cleaner features include:
    • Cleaning of all user temp folders, administrator only can use this feature.
    • Cleaning of the Java cache, which seems to be harboring more and more malware.
    • Cleaning the cache, cookies, history, download history, visited links and saved passwords.
  • AVG Anti-Spyware is a good scanner to use. This will auto update for the trial period of 30 days. Afterwards, you will need to update manually before scanning. Scan weekly if you have high Internet use.
  • HijackThis may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
Please take the time to read my All Clean Post. .
Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function For Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    • Close all open programs. Then right-click My Computer on the Windows desktop
    • Click on Properties.
    • Click on the System Restore tab.
    • Check Turn off System Restore on all drives.
    • Restart the system.
    • Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step D.
    • You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD: Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  • Use An Antivirus Software and Keep It Updated: - It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
  • Install SpywareBlaster: SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then doubleclick it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK.
  • Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:26 PM

Posted 26 April 2007 - 03:00 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users