Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware/Virus Issues (Dropper.Agent.BBI)


  • This topic is locked This topic is locked

#1
gabrielswordfish

gabrielswordfish

    New Member

  • Member
  • Pip
  • 4 posts
I have followed all instructions provided for 1st time users. Here are the detailed reports of all scans conducted.
Panda Active Scan Report



Incident Status Location

Adware:adware/adsmart Not disinfected C:\WINDOWS\system32\1.exe
Virus:Bck/Eter.A Disinfected C:\WINDOWS\system32\Firewall.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Anil\Cookies\[email protected][2].txt
Spyware:Spyware/New.net Not disinfected D:\Setups\Internet Things\P2P\WarezP2P_DLC.exe[NNWARZ3_88.exe]
Virus:Trj/Downloader.FA Not disinfected D:\Setups\New ones\Bikinibabes-Screensaver-v411.exe[aud-cnet10.exe]
Virus:Trj/Downloader.EF Not disinfected D:\Setups\New ones\Bikinibabes-Screensaver-v411.exe[augscrsvr.exe]
Spyware:Spyware/Systemcheck Not disinfected D:\Setups\New ones\Bikinibabes-Screensaver-v411.exe[bikinischk.exe]
Virus:Trj/Downloader.FA Not disinfected D:\Setups\Screensavers\Bikinibabes-Screensaver-v411.exe[aud-cnet10.exe]
Virus:Trj/Downloader.EF Not disinfected D:\Setups\Screensavers\Bikinibabes-Screensaver-v411.exe[augscrsvr.exe]
Spyware:Spyware/Systemcheck Not disinfected D:\Setups\Screensavers\Bikinibabes-Screensaver-v411.exe[bikinischk.exe]

Uninstall list

µTorrent
AVG Anti-Spyware 7.5
AVG Free Edition
DVD Solution
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 4
K-Lite Codec Pack 2.81 Full
LimeWire PRO 4.12.3
Logitech Desktop Messenger
Logitech QuickCam Software
Logitech® Camera Driver
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Multimedia Launcher
Nero OEM
Panda ActiveScan
PowerDVD
PowerProducer
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver


AVG Antispyware Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:24:38 PM 1/1/2007

+ Scan result:



C:\System Volume Information\_restore{6271BB61-7D4B-4028-929C-7FA95BA83A8E}\RP18\A0002177.exe -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6271BB61-7D4B-4028-929C-7FA95BA83A8E}\RP18\A0002205.exe -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinSecure.006 -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinSecure.007 -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinSecure.exe -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinSecure.003 -> Not-A-Virus.Monitor.Win32.Ardamax.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Anil\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Anil\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.


::Report end

I hope this is enough information. Thanx in advance.
  • 0

Advertisements


#2
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Forgot the critical item


Click here to download HJTsetup.exe:

http://www.thespykil...=tpmod;dl=item5
Scroll down to the download section

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
  • 0

#3
gabrielswordfish

gabrielswordfish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the HiJack This log file... sorry dint include it in the last mail....am kinda new to this...

Logfile of HijackThis v1.99.1
Scan saved at 10:55:55 AM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Setups\Comp Appliactions\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.mtnl.net.in/
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1167384823593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167384799812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: bw+0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {FF81F501-DFD1-4692-BBF3-CE0F9C80A0A2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
  • 0

#4
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Add remove programs - remove logitech desktop messenger

==============================

Please click here http://www.majorgeek...ment_d4648.html to download the latest version of JAVA Install the application, then go to the Add/Remove Programs options in the Control Panel and Remove ALL previous versions of JAVA.

================================

Running P2P is the best way to get infected - you should remove any P2P programs
========================

I see no evidence of SuperAntiSpyware

Download Superantispyware

http://www.superanti...efreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

==================
  • 0

#5
gabrielswordfish

gabrielswordfish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logitech Desktop Messenger removed

==========================


JRE 6 installed...previous versions removed

============================

P2P....hmmm....i wanted to keep that..thats my source for music n stuff...so if u got alternatives lemme know...off the record of course;)....im keeping that dormant rite now...not opening it

=================================

Super Antispyware installed....log is as follows

SUPERAntiSpyware Scan Log
Generated 01/03/2007 at 06:24 PM

Application Version : 3.4.1000

Core Rules Database Version : 3158
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 00:34:00

Memory items scanned : 355
Memory threats detected : 0
Registry items scanned : 4770
Registry threats detected : 0
File items scanned : 38228
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Anil\Cookies\[email protected][1].txt
C:\Documents and Settings\Anil\Cookies\[email protected][1].txt
C:\Documents and Settings\Anil\Cookies\[email protected][1].txt
C:\Documents and Settings\Anil\Cookies\[email protected][1].txt
C:\Documents and Settings\Anil\Cookies\[email protected][2].txt


============================================

Hijack this logfile is as follows....

Logfile of HijackThis v1.99.1
Scan saved at 6:29:12 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Setups\Comp Appliactions\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.mtnl.net.in/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1167384823593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167384799812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

==========================

Thx for all ur time n effort..i reallly appreciate it
  • 0

#6
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam

====================

How are things
  • 0

#7
gabrielswordfish

gabrielswordfish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey, thx a million MFDnSC!!!!

i think im clean now. Also, il run all those spywares n antivirus programs u asked me to once again..see if they find anythin. If i do, il get back to u.

Until then

THX a lot!!!!
  • 0

#8
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP