Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

guard.tmp

Started by fearthuinn , May 28 2006 05:17 PM

  • Please log in to reply

#1
fearthuinn
Posted 28 May 2006 - 05:17 PM

fearthuinn

    New Member

  • Member
  • Pip
  • 7 posts
Hello-
I hope someone can help me with this. If you can I'm sure you know what a giant pain in the [bleep] it is.

I've run Ad-aware, Spy-bot, and McAfee, but none of them seem to be able to remove this file, or the .dll file it creates (it's different every time I restart the computer). I've looked at a few manual removal tutorials, but I'm not very comfortable using them since I"m not too sure what to keep and what to get rid of.

My cat is also sick, but the vet is working on that one.

Here's my HJT log,

Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:57 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,wsrqxgt.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ugxbny] C:\WINNT\system32\votjnb.exe reg_run
O4 - HKCU\..\Run: [rcfco] C:\WINNT\system32\votjnb.exe reg_run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128876902949
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: bw+0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Reinstall - C:\WINNT\system32\guard.tmp
O20 - Winlogon Notify: WgaLogon - C:\WINNT\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
Wizard
Posted 28 May 2006 - 05:24 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi fearthuinn and Welcome to GeekstoGo!


Please download Look2Me-Destroyer.exe to your (C:) drive.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
  • 0

#3
fearthuinn
Posted 29 May 2006 - 01:17 AM

fearthuinn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much.
Here is my Look2Me-Destroyer text and new HJT log.

------------

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/29/2006 12:01:10 AM

Infected! C:\WINNT\system32\guard.tmp
Infected! C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056638.dll
Infected! C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056639.dll
Infected! C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056640.dll
Infected! C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056641.dll
Infected! C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056642.dll
Infected! C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056643.dll
Infected! C:\WINNT\system32\dlrgsnap.dll
Infected! C:\WINNT\system32\dn6601jse.dll
Infected! C:\WINNT\system32\iTsrecst.dll
Infected! C:\WINNT\system32\kpdsw.dll
Infected! C:\WINNT\system32\kxdno1.dll
Infected! C:\WINNT\system32\kxdsf.dll
Infected! C:\WINNT\system32\mfvbvm60.dll
Infected! C:\WINNT\system32\screamci.dll
Infected! C:\WINNT\system32\wep.dll
Infected! C:\WINNT\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056638.dll
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056638.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056639.dll
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056639.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056640.dll
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056640.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056641.dll
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056641.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056642.dll
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056642.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056643.dll
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP996\A0056643.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\dlrgsnap.dll
C:\WINNT\system32\dlrgsnap.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\dn6601jse.dll
C:\WINNT\system32\dn6601jse.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\iTsrecst.dll
C:\WINNT\system32\iTsrecst.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\kpdsw.dll
C:\WINNT\system32\kpdsw.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\kxdno1.dll
C:\WINNT\system32\kxdno1.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\kxdsf.dll
C:\WINNT\system32\kxdsf.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\mfvbvm60.dll
C:\WINNT\system32\mfvbvm60.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\screamci.dll
C:\WINNT\system32\screamci.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\wep.dll
C:\WINNT\system32\wep.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{46CB4B37-79A0-4BA2-B80B-41E169196037}"
HKCR\Clsid\{46CB4B37-79A0-4BA2-B80B-41E169196037}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B7C7C1C7-D280-4EC7-B16D-699764C75659}"
HKCR\Clsid\{B7C7C1C7-D280-4EC7-B16D-699764C75659}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


-------------------------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 12:10:13 AM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,wsrqxgt.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ugxbny] C:\WINNT\system32\votjnb.exe reg_run
O4 - HKCU\..\Run: [rcfco] C:\WINNT\system32\votjnb.exe reg_run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128876902949
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: bw+0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Wizard
Posted 29 May 2006 - 04:55 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Lets go after Qoologic now
  • Download Brute Force Uninstaller to your (C:) drive
  • Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
  • Download qoofix.bat (rightclick on this link and choose save as)
  • Place qoofix.bat in your C:\BFU - folder. (Important!)
  • Doubleclick qooFix.bat, Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.

  • 0

#5
fearthuinn
Posted 29 May 2006 - 06:43 PM

fearthuinn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:42:08 PM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128876902949
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: bw+0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADA77926-332F-491B-A3F1-15FC4AEFD299} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
Wizard
Posted 29 May 2006 - 08:18 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please run the F-Secure Online Scanner
  • Follow the Instructions on the F-Secure page for proper Installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Custom Scan and be sure the following are checked.
    • Scan whole System
    • Scan programs and documents
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the I want to decide item by item button.
  • For each item found,Select Disinfect and Click Next
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

#7
fearthuinn
Posted 29 May 2006 - 10:54 PM

fearthuinn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you, here is the report.



Scanning Report
Monday, May 29, 2006 19:46:30 - 21:51:55
Computer name: IAIN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 4 malware found
Trojan-Downloader.Win32.Adload.bq (virus)
C:\windows\drsmartload45a.exe (Renamed)
C:\windows\drsmartload46a.exe (Renamed)
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP992\A0056184.exe (Renamed)
Trojan-Downloader.Win32.Small.cpu (virus)
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP993\A0056319.exe (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 318424
System: 4386
Not scanned: 160
Actions:
Disinfected: 0
Renamed: 4
Deleted: 0
None: 0
Submitted: 1
Files not scanned:
h†÷ Y(EXPORT\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA4\CHARACTERS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA3\PHOTOALBUM\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA3\EXPORT\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA3\CHARACTERS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA2\PHOTOALBUM\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA2\EXPORT\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA\PHOTOALBUM\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA\IMPORT\_
C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA\EXPORT\_
C:\PROGRAM FILES\MAXIS\THE SIMS\TEMPLATEUSERDATA\PHOTOALBUM\_
C:\PROGRAM FILES\MAXIS\THE SIMS\TEMPLATEUSERDATA\EXPORT\_
C:\PROGRAM FILES\MAXIS\THE SIMS\TEMPLATEUSERDATA\CHARACTERS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\SCENARIO.TDS
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\WALLS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\USEROBJECTS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\SKINS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\FLOORS\_
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
C:\Program Files\JavaSoft\JRE\1.3.1_04\lib\rt.jar\javax\naming\NameImpl.class
C:\Program Files\Call of Duty\Main\pak2.pk3\sound\
C:\MY SHARED FOLDER\DOWNLOAD10913919301096133296.DAT
C:\I386\BIOS1.RO_
C:\DOCUMENTS AND SETTINGS\OWNER\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY MUSIC\10-APHRODITE-OFF_LIMITS_(FEAT._BIG_DADDY_KANE)-APCAIQRBCGQ.MP3
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY MUSIC\APHRODITE - AFTERSHOCK\09-APHRODITE-GANJA_MAN_(FEAT._DEADLY_HUNTA)-APC.MP3
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CGD0Y3UI\103-8025636-6835034[1].
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\MUSIC\WINAMP\ALIEN ANTFARM - 12 - SMOOTH CRIMINAL.MP3
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom.zip\owner@advertising[2].txt
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip\[email protected][2].txt
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip\owner@advertising[1].txt
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip\[email protected][1].txt
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip\owner@advertising[1].txt
C:\Documents and Settings\All Users\\SCEs|OTh†÷x÷:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\WALLS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\USEROBJECTS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\SKINS\_
C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\FLOORS\_
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
C:\Program Files\JavaSoft\JRE\1.3.1_04\lib\rt.jar\javax\naming\NameImpl.class
C:\Program Files\Call of Duty\Main\pak2.pk3\sound\
C:\MY SHARED FOLDER\DOWNLOAD10913919301096133296.DAT
C:\I386\BIOS1.RO_
C:\DOCUMENTS AND SETTINGS\OWNER\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY MUSIC\10-APHRODITE-OFF_LIMITS_(FEAT._BIG_DADDY_KANE)-APCAIQRBCGQ.MP3
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY MUSIC\APHRODITE - AFTERSHOCK\09-APHRODITE-GANJA_MAN_(FEAT._DEADLY_HUNTA)-APC.MP3
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CGD0Y3UI\103-8025636-6835034[1].
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\MUSIC\WINAMP\ALIEN ANTã

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-05-29
F-Secure Libra: 2.4.1, 2006-05-29
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Orion: 1.2.37, 2006-05-26
F-Secure Pegasus: 1.19.0, 2006-00-19
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics
  • 0

#8
Wizard
Posted 30 May 2006 - 05:57 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Allright,you should be able to eqasily locate and delete the 2 files F-Secure renamed for us,the others are System Restore Files,Im not worried about them

Locate and Delete the 2 listed below,the will now have a new extension added on to them so will likely look like this

C:\windows\drsmartload45a.exe.ren

C:\windows\drsmartload46a.exe.ren


Lets do one last Online Scan and be sure we havent left anything behind.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?
  • 0

#9
fearthuinn
Posted 30 May 2006 - 07:33 PM

fearthuinn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello-
Thank you very, very much for your help. As far as I can tell things seem to be fine now. Kaspersky did find a few items. I'm posting the log below.

Tuesday, May 30, 2006 6:01:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/05/2006
Kaspersky Anti-Virus database records: 185441


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 56182
Number of viruses found 2
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:45:15

Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP992\A0056184.0xe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP993\A0056319.0xe Infected: Trojan-Downloader.Win32.Small.cpu skipped

C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP998\A0057718.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP998\A0057719.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

Scan process completed.
  • 0

#10
Wizard
Posted 30 May 2006 - 08:43 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
LMAO,just dawned on me,you said this is a work computer?

Maybe the Hosts File wasnt such a great idea,not sure how the PC is set up but if they have Safe Mode guarded then I suppose its a fairly tweaked machine?
  • 0

#11
fearthuinn
Posted 31 May 2006 - 11:37 AM

fearthuinn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
nope, this is just my home computer.
  • 0

#12
Wizard
Posted 31 May 2006 - 06:46 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,well then the Hosts File would be a nice addition,all it does is backup your existing Hosts File.

Creates a new one in its place which contains a list of known crap sites and will prevent the PC from be able to access these sites.

Explained in detail Here

How is the PC running today?
  • 0

#13
fearthuinn
Posted 01 June 2006 - 09:52 AM

fearthuinn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay. Thanks for the link, it's very interesting.

Everything seems to be running just fine now. Thank you so much for your help, I really appriciate it.
  • 0

#14
Wizard
Posted 01 June 2006 - 04:31 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Go ahead and Renable System Restore and restart the PC,this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

It is suggested that you go and change all your passwords since some of these may have been compromised during the infection.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Please remember to check your AntiVirus and any Spyware Apps for updates atleast twice a week


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again,you know how to find us! :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP