pop ups from unknown source



#1
sliknick105

    New Member
  • 7 posts
Thanks in advance for any help. The pop-ups (ironically) generally advertise security software including "Sysprotect" and "WinAntiVirusPro" (the website for this is http://www.amaena.co...lid=alllids&h=4 and warns me against the "Bloodhound" virus, if that helps) but also advertise for "adult friend finder". In addition, I've gotten notices that my memory isn't at the level it should be, and my computer has been running slower. Thanks again!

Logfile of HijackThis v1.99.0
Scan saved at 9:43:14 PM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
F:\Program Files\Logitech\ImageStudio\LogiTray.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.disney.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.disney.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {39D36F7F-81ED-45DC-87A3-A51824966B06} - F:\WINDOWS\system32\hgggd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\windows\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://f:\windows\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\windows\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\windows\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\windows\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.ne...v/dlControl.CAB
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: bw+0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Unknown - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

#2
Wizard

    Retired Staff
  • 5,661 posts
Hi sliknick105 and Welcome to GeekstoGo!

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

From the WinPFind folder-> Double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Please post the contents of C:\vundofix.txt-> the WinPFind log-> results from Panda Scan and a new HiJackThis log.

#3
sliknick105

    New Member

  • Topic Starter
  • 7 posts
VundoFix V4.2.69

Checking Java version...

Scan started at 10:34:13 PM 4/20/2006

Listing files found while scanning....

F:\WINDOWS\system32\hgggd.dll
F:\WINDOWS\system32\dgggh.ini
F:\WINDOWS\system32\dgggh.bak1
F:\WINDOWS\system32\dgggh.bak2

F:\WINDOWS\system32\dgggh.bak1
F:\WINDOWS\system32\dgggh.bak2
F:\WINDOWS\system32\dgggh.ini
F:\WINDOWS\system32\hgggd.dll
Attempting to delete F:\WINDOWS\system32\hgggd.dll
F:\WINDOWS\system32\hgggd.dll Has been deleted!

Attempting to delete F:\WINDOWS\system32\dgggh.ini
F:\WINDOWS\system32\dgggh.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\dgggh.bak1
F:\WINDOWS\system32\dgggh.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\dgggh.bak2
F:\WINDOWS\system32\dgggh.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
aspack 6/15/2001 1:17:08 PM 362441 F:\Program Files\$$$$Easy Money$$$$.exe
UPX! 12/15/2004 11:40:42 AM 203264 F:\Program Files\HijackThis.exe
aspack 11/8/2005 9:51:38 PM 894976 F:\Program Files\iview397.exe
UPX! 8/3/2004 5:18:16 PM 1434149 F:\Program Files\mkw-mfc42.exe
UPX! 8/3/2004 5:19:58 PM 1129122 F:\Program Files\mkwact097b1.exe
UPX! 1/17/2005 12:28:00 AM 8680872 F:\Program Files\setupeng.exe

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 8:00:00 AM 41397 F:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10/26/2004 6:38:24 PM 716800 F:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 6:38:24 PM 716800 F:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 4/6/2006 3:48:38 PM 5143456 F:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 3:48:38 PM 5143456 F:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 F:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 F:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 1/31/2004 8:20:12 PM 183808 F:\WINDOWS\SYSTEM32\rmvtrjan.trb
aspack 1/29/2004 2:22:00 AM 271360 F:\WINDOWS\SYSTEM32\trjscan.trb
aspack 12/30/2003 7:52:36 PM 343552 F:\WINDOWS\SYSTEM32\trupd.trb
winsync 8/23/2001 8:00:00 AM 1309184 F:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 F:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in F:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/20/2006 10:49:24 PM S 2048 F:\WINDOWS\bootstat.dat
4/19/2006 1:54:28 AM H 54156 F:\WINDOWS\QTFont.qfn
4/10/2006 9:53:30 PM HS 38925 F:\WINDOWS\system32\pmkhh.dll
3/22/2006 7:17:30 PM S 14054 F:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 2:15:38 AM S 10925 F:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/17/2006 5:24:26 AM S 12455 F:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 6:03:56 AM S 22339 F:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/20/2006 10:49:14 PM H 8192 F:\WINDOWS\system32\config\default.LOG
4/20/2006 10:49:30 PM H 1024 F:\WINDOWS\system32\config\SAM.LOG
4/20/2006 10:49:26 PM H 12288 F:\WINDOWS\system32\config\SECURITY.LOG
4/20/2006 10:49:34 PM H 61440 F:\WINDOWS\system32\config\software.LOG
4/20/2006 10:49:32 PM H 815104 F:\WINDOWS\system32\config\system.LOG
4/16/2006 3:05:54 AM H 1024 F:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2/25/2006 2:58:32 AM S 18 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
2/25/2006 2:58:32 AM S 1047 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
2/25/2006 2:58:32 AM S 20531 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2/25/2006 2:58:32 AM S 1370 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
4/16/2006 12:15:34 PM S 7652 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
2/25/2006 2:58:32 AM S 216 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
2/25/2006 2:58:32 AM S 126 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
2/25/2006 2:58:32 AM S 216 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2/25/2006 2:58:32 AM S 194 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
4/16/2006 12:15:34 PM S 134 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
4/16/2006 3:16:34 AM HS 388 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\387b1556-7a8c-4d9c-b9da-4ae8fed43b49
4/16/2006 3:16:34 AM HS 24 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
4/20/2006 10:00:02 PM H 256 F:\WINDOWS\Tasks\B40264739E11E353.job
4/20/2006 10:00:02 PM H 292 F:\WINDOWS\Tasks\EB6AFCA38431D86F.job
4/20/2006 10:48:06 PM H 6 F:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 F:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 F:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 F:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 10/8/2004 1:23:58 PM 282624 F:\WINDOWS\SYSTEM32\camcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 F:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 F:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 F:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 F:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 F:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 F:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 F:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 11/19/2003 6:48:12 PM 61555 F:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 F:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 F:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 F:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 F:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 F:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 F:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 F:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 F:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 F:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 F:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 F:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 F:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 F:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 F:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 F:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 F:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 F:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 F:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/29/2003 11:11:24 AM HS 84 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
8/27/2005 9:28:52 PM 1833 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
8/27/2005 9:33:58 PM 1954 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
1/30/2005 8:37:26 PM 1885 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
7/29/2003 4:09:00 PM 1725 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
7/29/2003 4:09:00 PM 928 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
10/26/2003 5:41:20 PM 1518 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/29/2003 6:58:10 AM HS 62 F:\Documents and Settings\All Users\Application Data\desktop.ini
4/4/2006 11:04:56 PM 3704 F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
7/29/2003 11:11:24 AM HS 84 F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
12/20/2003 3:48:14 AM 256000 F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Checking files in %USERPROFILE%\Application Data folder...
7/29/2003 6:58:10 AM HS 62 F:\Documents and Settings\Administrator\Application Data\desktop.ini
8/2/2003 2:31:48 AM 0 F:\Documents and Settings\Administrator\Application Data\dm.ini
3/20/2006 10:43:52 PM 127 F:\Documents and Settings\Administrator\Application Data\iScrobbler.ini
1/20/2004 3:26:50 PM 784 F:\Documents and Settings\Administrator\Application Data\mpauth.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = F:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = F:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = F:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = F:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = F:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= F:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = f:\windows\googletoolbar3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} = AIM Search : F:\Program Files\AIM Toolbar\AIMBar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : f:\windows\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : F:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : F:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : F:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : f:\windows\googletoolbar3.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
{44420A5A-8929-47EC-B0BC-A7213154D9D9} = :
{A367AC38-EB98-52CB-384A-39A9906A9B79} = :
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : F:\Program Files\AIM Toolbar\AIMBar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
GhostStartTrayApp F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
MMTray F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
TkBellExe "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
IntelliPoint "F:\Program Files\Microsoft IntelliPoint\point32.exe"
SunJavaUpdateSched F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
mmtask F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
TrojanScanner F:\Program Files\Trojan Remover\Trjscan.exe
LogitechGalleryRepair F:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray F:\Program Files\Logitech\ImageStudio\LogiTray.exe
LVCOMSX F:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair F:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray F:\Program Files\Logitech\Video\LogiTray.exe
ViewMgr F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
iTunesHelper "F:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "F:\Program Files\QuickTime\qttask.exe" -atboottime
AdaptecDirectCD "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
KernelFaultCheck %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "F:\Program Files\Messenger\msmsgs.exe" /background
AIM F:\Program Files\AIM\aim.exe -cnetwait.odl
LDM F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
LogitechSoftwareUpdate "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
Yahoo! Pager F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RealPlayer "F:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = F:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/20/2006 11:07:01 PM

I'm doing the Panda scan now and will post it when it is finished. Thanks so much!

#4
sliknick105

Incident Status Location

Adware:adware/purityscan Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\sdexe.exe
Adware:adware/statblaster Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\StatBlaster.exe
Spyware:spyware/netshagg Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe
Spyware:spyware/new.net Not disinfected F:\WINDOWS\NDNuninstall5_40.exe
Adware:adware/sidesearch Not disinfected F:\PROGRAM FILES\Lycos
Adware:adware/ncase Not disinfected F:\PROGRAM FILES\nCase
Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM\stub.exe
Adware:Adware/FreeScratch Not disinfected C:\WINDOWS\SYSTEM\support.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\SYSTEM\BDErastDX3.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM\P2P Networking\MARSHAL.DLL
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM\P2P Networking\P2P Networking.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM\P2P Networking v123.cpl
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\BDE\b3dsetup.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\BDE\BDEplayer3.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\BDE\BDEengine3.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\BDE\BDEwrapper3.dll
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\default@2o7[3].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\default@qksrv[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\WINDOWS\Cookies\default@trafficmp[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\default@atdmt[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\default@qksrv[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\default@2o7[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\Cookies\default@hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\default@questionmarket[1].txt
Spyware:Cookie/Gator Not disinfected C:\WINDOWS\Cookies\default@gator[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Cookies\default@mediaplex[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\Cookies\default@advertising[1].txt
Spyware:Cookie/Gator Not disinfected C:\WINDOWS\Cookies\default@gator[3].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\Cookies\default@hitbox[3].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Linksynergy Not disinfected C:\WINDOWS\Cookies\default@linksynergy[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Cookies\default@mediaplex[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\default@qksrv[3].txt
Spyware:Cookie/go Not disinfected C:\WINDOWS\Cookies\default@go[1].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\Cookies\default@advertising[3].txt
Spyware:Cookie/Paypopup Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@com[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\default@questionmarket[2].txt
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\newdotnet3_36.dll
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_80.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_50.exe
Adware:Adware/WebSearch Not disinfected C:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup\SWDI9284.BUD[btiein.dll]
Adware:Adware/Superbar Not disinfected C:\superbarinstaller_wildmedia.exe
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\226a5cca.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\2754aaba.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\321b818b.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\33afa154.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\596e0393.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\5c0981c6.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\5dc103e2.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\5f968055.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\60f881a1.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\62b00156.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\64484de6.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\656b860e.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6601cd74.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\67230130.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\67d94ce3.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\68051bd8.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\693bb23b.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\69da87a1.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6af33229.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6b920627.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6cf43c0f.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6daab2ec.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6e4d95c7.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\6f623220.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\70443284.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\71648fac.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\717f518d.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\721db9b2.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\733c6c49.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\73d532fd.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\753732c2.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\768cb317.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7836a661.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\791b6f92.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\798e2664.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\79a63351.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7b47a67e.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7b7fb2dc.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7bd5c3e9.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7c322f6d.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7c3cc691.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7c41b2a1.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7cbfcd96.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7d8a6f92.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7e193230.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7e7ee6df.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7f43ef63.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\7feeb270.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\Inside Program.exe
Spyware:Spyware/New.net Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\NNSJB388.exe
Adware:Adware/PurityScan Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\ps_install-sjb.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\Rem182.exe
Adware:Adware/BuddyLinks Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\sdexe.exe
Adware:Adware/Exact.BargainBuddy Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\sjbe_bbi8014.exeez.exe
Adware:Adware/SideSearch Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\ss_IGN3_setup.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\sta129.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\sta3D4F.exe
Adware:Adware/Lop Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\staAA.exe
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[wbhshare.dll]
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[Webhdll.dll]
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[WhAgent.exe]
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[whAgent.inf]
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[whiehlpr.dll]
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[whieshm.dll]
Adware:Adware/WebHancer Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe[whInstaller.exe]
Adware:Adware/BrowserAid Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\_ps_inst.exe[rundll16.exe]
Adware:Adware/BrowserAid Not disinfected F:\Documents and Settings\Administrator\Local Settings\Temp\_ps_inst.exe[rundll16.dll]
Adware:Adware/Lop Not disinfected F:\Program Files\backups\backup-20050117-160011-193.dll
Adware:Adware/BuddyLinks Not disinfected F:\Program Files\backups\backup-20050117-160014-684.dll
Spyware:Spyware/New.net Not disinfected F:\WINDOWS\NDNuninstall5_40.exe
Virus:Trj/Keylog.GA Disinfected F:\WINDOWS\system32\pmkhh.dll

Logfile of HijackThis v1.99.1
Scan saved at 1:15:43 AM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
F:\Program Files\Logitech\ImageStudio\LogiTray.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.disney.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.disney.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\windows\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://f:\windows\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\windows\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\windows\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\windows\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.ne...v/dlControl.CAB
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: bw+0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:
  • 0

#5
Wizard

    Retired Staff

  • 5,661 posts
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    F:\WINDOWS\system32\pmkhh.dll
    F:\WINDOWS\Tasks\B40264739E11E353.job
    F:\WINDOWS\Tasks\EB6AFCA38431D86F.job
    F:\Documents and Settings\Administrator\Local Settings\Temp\sdexe.exe
    F:\Documents and Settings\Administrator\Local Settings\Temp\StatBlaster.exe
    F:\Documents and Settings\Administrator\Local Settings\Temp\whCC-NETSHAGG.exe
    F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    F:\WINDOWS\NDNuninstall5_40.exe
    C:\WINDOWS\newdotnet3_36.dll
    C:\WINDOWS\NDNuninstall4_80.exe
    C:\WINDOWS\NDNuninstall4_50.exe
    C:\WINDOWS\SYSTEM\stub.exe
    C:\WINDOWS\SYSTEM\support.exe
    C:\WINDOWS\SYSTEM\BDErastDX3.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting.
  • Then click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart in Safe Mode and configure Windows to show all hidden files and folders. Here is a link to help with that:
http://www.bleepingc...al62.html#winxp


Locate and Delete these folders

C:\WINDOWS\BDE

C:\WINDOWS\SYSTEM\P2P Networking

F:\PROGRAM FILES\Lycos

F:\PROGRAM FILES\nCase


Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!)

C:\Temp

C:\Windows\Temp

C:\Documents and Settings\Administrator\Local Settings\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and run Disk Cleanup (make sure that all boxes are checked for cleaning)

Repeat this process for all other drives as well F:\

F:\Documents and Settings\Administrator\Local Settings\Temp <- Make sure you clear out that temp folder.


Restart normally and have the PC scanned here:
Bit Defender

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the report from Bit Defender
  • 0
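A check a helper can run on the two HijackThis logs exchanged in a cleanup like this one, as an added example that is not part of the original posts: it parses each log, reports which entries and processes changed between scans, and flags any deletion target whose file name still shows up. The log excerpts and target paths are copied from this thread (the 4/21 and 4/22 logs and the Killbox list); the function names are illustrative.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# HijackThis entry lines start with a section code such as R0, R1, O2, O4, O16.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")

# Excerpt of the 4/21/2006 log from this thread (before the cleanup).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:15:43 AM, on 4/21/2006

Running processes:
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Excerpt of the 4/22/2006 log from this thread (after the cleanup).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:11:23 PM, on 4/22/2006

Running processes:
F:\WINDOWS\Explorer.EXE
F:\Program Files\Kazaa Lite K++\KazaaLite.kpp
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Three of the paths queued for deletion in the helper's post.
TARGETS = [
    r"F:\WINDOWS\system32\pmkhh.dll",
    r"F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe",
    r"F:\WINDOWS\NDNuninstall5_40.exe",
]


def parse_log(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    log = {"header": [], "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_processes = False  # the first entry line ends the process list
            log["entries"].append(line)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:
            log["header"].append(line)
    return log


def _index(lines):
    # Windows paths are case-insensitive, so compare case-folded lines.
    # Repeated lines (e.g. two NOTEPAD.EXE processes) collapse to one.
    return {line.casefold(): line for line in lines}


def diff_logs(before, after):
    """Report removed, added and kept lines for processes and entries."""
    result = {}
    for field in ("processes", "entries"):
        old, new = _index(before[field]), _index(after[field])
        result[field] = {
            "removed": [old[k] for k in old if k not in new],
            "added": [new[k] for k in new if k not in old],
            "kept": [new[k] for k in new if k in old],
        }
    return result


def still_referenced(targets, log):
    """Return deletion targets whose file name still appears in the log.

    Matching is by file name because some entries (O4 - Startup) list
    only the name, not the full path. It is a heuristic, not proof.
    """
    haystack = [l.casefold() for l in log["processes"] + log["entries"]]
    return [p for p in targets
            if any(basename(p).casefold() in line for line in haystack)]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    for field, changes in diff_logs(before, after).items():
        for kind in ("removed", "added"):
            for line in changes[kind]:
                print(f"{field:9} {kind:8} {line}")
    for path in still_referenced(TARGETS, after):
        print("still referenced:", path)
```

Lines reported as kept are simply unchanged between scans; whether any of them needs fixing is still a judgement for whoever reads the log.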

#6
sliknick105

    New Member

  • Topic Starter
  • Member
  • 7 posts
BitDefender Online Scanner



Scan report generated at: Sat, Apr 22, 2006 - 01:46:22

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 03:32:47
Files: 427999
Folders: 6962
Boot Sectors: 4
Archives: 3694
Packed Files: 52778

Results
Identified Viruses: 19
Infected Files: 36
Suspect Files: 0
Warnings: 0
Disinfected: 1
Deleted Files: 56

Engines Info
Virus Definitions: 371156
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\143927A2.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.W

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\143927A2.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\143927A2.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DDA7B09=>(Quarantine-2)
Infected with: Trojan.BrowseEvt

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DDA7B09=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DDA7B09=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E5D0A79=>(Quarantine-2)
Infected with: Trojan.Js.Seeker.E

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E5D0A79=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E5D0A79=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1ECC1DFF=>(Quarantine-2)
Infected with: Trojan.Downloader.0

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1ECC1DFF=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1ECC1DFF=>(Quarantine-2)
Deleted

C:\superbarinstaller_wildmedia.exe
Infected with: Trojan.Delf.19

C:\superbarinstaller_wildmedia.exe
Disinfection failed

C:\superbarinstaller_wildmedia.exe
Deleted

C:\KeenValueInstall_with_track_117.exe
Infected with: Trojan.Downloader.Keenval.M

C:\KeenValueInstall_with_track_117.exe
Disinfection failed

C:\KeenValueInstall_with_track_117.exe
Deleted

C:\dist1.exe
Infected with: Dropped:Trojan.Downloader.Agent.43

C:\dist1.exe
Disinfection failed

C:\dist1.exe
Deleted

F:\!KillBox\sdexe.exe=>(Embedded EXE o)
Infected with: Trojan.Downloader.PurityScan.C

F:\!KillBox\sdexe.exe=>(Embedded EXE o)
Disinfection failed

F:\!KillBox\sdexe.exe=>(Embedded EXE o)
Deleted

F:\!KillBox\sdexe.exe
Update failed

F:\!KillBox\StatBlaster.exe
Infected with: Dropped:Adware.Statblaster.A

F:\!KillBox\StatBlaster.exe
Disinfection failed

F:\!KillBox\StatBlaster.exe
Deleted

F:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

F:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

F:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Deleted

F:\Program Files\AIM\Sysfiles\WxBug.EXE
Update failed

F:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Detected with: Adware.Wheaterbug.A

F:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Disinfection failed

F:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Deleted

F:\Program Files\backups\backup-20050117-160011-193.dll
Infected with: Trojan.Downloader.Swizzor.BO

F:\Program Files\backups\backup-20050117-160011-193.dll
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10D46636=>(Quarantine-2)=>/hp2.htm
Infected with: Exploit.ADODB.Stream.Gen

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10D46636=>(Quarantine-2)=>/hp2.htm
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10D46636=>(Quarantine-2)=>/hp2.htm
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10D46636=>(Quarantine-2)
Update failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20494B93.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20494B93.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20494B93.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204C758F.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204C758F.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204C758F.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204F1F8C.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204F1F8C.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204F1F8C.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\209B0897=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\209B0897=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\209B0897=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\209E3293=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\209E3293=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\209E3293=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\257674F7.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\257674F7.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\257674F7.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BDE36D4.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BDE36D4.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BDE36D4.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BE160D0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BE160D0.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BE160D0.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BE50ACD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BE50ACD.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BE50ACD.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\310730F6.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\310730F6.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\310730F6.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33021687.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33021687.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33021687.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3951495C.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3951495C.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3951495C.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46346739=>(Quarantine-2)=>/hp2.htm
Infected with: Exploit.ADODB.Stream.Gen

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46346739=>(Quarantine-2)=>/hp2.htm
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46346739=>(Quarantine-2)=>/hp2.htm
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46346739=>(Quarantine-2)
Update failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4D712713=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4D712713=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4D712713=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F3744C=>(Quarantine-2)=>/hp2.htm
Infected with: Exploit.ADODB.Stream.Gen

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F3744C=>(Quarantine-2)=>/hp2.htm
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F3744C=>(Quarantine-2)=>/hp2.htm
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F3744C=>(Quarantine-2)
Update failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F61E48=>(Quarantine-2)=>/hp2.htm
Infected with: Exploit.ADODB.Stream.Gen

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F61E48=>(Quarantine-2)=>/hp2.htm
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F61E48=>(Quarantine-2)=>/hp2.htm
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F61E48=>(Quarantine-2)
Update failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55A35A3D=>(Quarantine-2)=>/hp2.htm
Infected with: Exploit.ADODB.Stream.Gen

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55A35A3D=>(Quarantine-2)=>/hp2.htm
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55A35A3D=>(Quarantine-2)=>/hp2.htm
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55A35A3D=>(Quarantine-2)
Update failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63A40023=>(Quarantine-2)
Infected with: Trojan.Downloader.Minstaller

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63A40023=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63A40023=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D3A3888.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D3A3888.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D3A3888.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6E6D0906.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6E6D0906.exe=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6E6D0906.exe=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A1D5224=>(Quarantine-2)
Infected with: Trojan.Downloader.VB.Q

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A1D5224=>(Quarantine-2)
Disinfection failed

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A1D5224=>(Quarantine-2)
Deleted

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D217C79.dat=>(Quarantine-2)
Infected with: Win32.Parite.B

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D217C79.dat=>(Quarantine-2)
Disinfected

F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D217C79.dat
Update failed

F:\WINDOWS\BDIBv4.exe
Infected with: MemScan:Trojan.Downloader.Delf.CY

F:\WINDOWS\BDIBv4.exe
Disinfection failed

F:\WINDOWS\BDIBv4.exe
Deleted



Logfile of HijackThis v1.99.1
Scan saved at 12:11:23 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
F:\Program Files\Logitech\ImageStudio\LogiTray.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
F:\Program Files\Kazaa Lite K++\KazaaLite.kpp
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.disney.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.disney.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\windows\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://f:\windows\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\windows\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\windows\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\windows\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.ne...v/dlControl.CAB
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: bw+0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  • 0

#7
Wizard

    Retired Staff

  • 5,661 posts
Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html

O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.ne...v/dlControl.CAB

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


If you will, run one last Online Scan.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?
  • 0
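An added example, not part of Wizard's post and not HijackThis code: a small Python parser for the log format shown in this thread. It checks whether entries from a fix list still appear in a follow-up log, and groups the repeated O18 protocol rows by CLSID and DLL. The function names and `FRESH_LOG` are constructed for illustration; the `CHECKED` lines are copied from the post above with the URL truncated as it appears on the page.

```python
import re
from collections import defaultdict

# What each section code in this thread's log lists (HijackThis conventions).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE button / Tools item", "O16": "downloaded ActiveX control",
    "O18": "extra protocol handler", "O23": "service",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*\S)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Parse entry lines; the header and process list do not match ENTRY."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, body = m.groups()
            clsid = CLSID.search(body)
            entries.append({
                "code": code, "kind": SECTIONS.get(code, "unknown"),
                "body": body,
                "clsid": clsid.group(0).upper() if clsid else None,
                "file_missing": body.endswith("(file missing)"),
            })
    return entries

def still_present(checked, fresh_log):
    """Bodies of checked entries that a fresh log still contains."""
    # Compare case-insensitively: Windows paths and key names ignore case.
    key = lambda e: (e["code"], e["body"].lower())
    fresh = {key(e) for e in parse_log(fresh_log)}
    return [e["body"] for e in parse_log(checked) if key(e) in fresh]

def collapse_protocols(entries):
    """Map (CLSID, DLL) -> protocol names, so repeated O18 rows read as one."""
    groups = defaultdict(list)
    for e in entries:
        parts = e["body"].split(" - ", 2)
        if e["code"] == "O18" and len(parts) == 3:
            groups[(e["clsid"], parts[2])].append(parts[0][len("Protocol: "):])
    return dict(groups)

# Entries from the fix list above, copied as posted.
CHECKED = r"""
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
"""
# Constructed follow-up log (not from the thread): one checked entry survived.
FRESH_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
F:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Protocol: bw+0 - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FFA93B56-2702-46ED-A6F3-4FA87F2E7D0D} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

if __name__ == "__main__":
    fresh = parse_log(FRESH_LOG)
    print("still present after fix:", still_present(CHECKED, FRESH_LOG))
    for (clsid, dll), names in collapse_protocols(fresh).items():
        print(len(names), "protocol(s)", clsid, dll)
    print("file missing:", [e["body"] for e in fresh if e["file_missing"]])
```

Matching is on the whole entry text, so an entry that returns under a different path or value name will not be reported as still present; compare the two logs by section as well.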





