Trojan.win32.BHO.q, Adware.Win32.Virtumonde.ft



#1
blumooneve

    New Member

  • Member
  • 3 posts
So... After an onslaught of annoying pop-ups with everything from clean my computer of porn to a dental advertisement with full sound at 4 a.m., I've given up. I've run Ad-Aware, Spybot, a-squared, and other things but no luck with a full removal. :whistling: .... Here are logfiles from HijackThis, VundoFix, VirtumundoBeGone.... Any help will be much MUCH appreciated!!


Logfile of HijackThis v1.99.1
Scan saved at 8:11:24 PM, on 2/6/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Jessica\Desktop\VirusTrojanSpyware Removers\ewido\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Apple Computer\[email protected]\DVDAccess.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jessica\Desktop\VirusTrojanSpyware Removers\Ad-Aware\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Jessica\Desktop\VirusTrojanSpyware Removers\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0832C452-7755-44A7-0372-0B5BDBB9A201} - C:\WINDOWS\System32\rssiaxj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Jessica\Desktop\VirusTrojanSpyware Removers\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\System32\othojwhp.dll (file missing)
O2 - BHO: (no name) - {6E4B23EE-D412-48BD-B133-60574061E429} - C:\WINDOWS\System32\vtuvvvt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {99254EDF-880F-414A-9C8F-A8E69241D061} - C:\WINDOWS\System32\awvtr.dll (file missing)
O2 - BHO: (no name) - {F3E4B2F7-CAD8-486F-BFAC-373415B9E5C5} - C:\WINDOWS\System32\vtstq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [fxphpei.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\Jessica\Local Settings\Application Data\fxphpei.dll",wacklle
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O4 - Global Startup: [email protected] = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164160513116
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O18 - Protocol: bw+0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddccc - ddccc.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O20 - Winlogon Notify: winqgb32 - winqgb32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Jessica\Desktop\VirusTrojanSpyware Removers\ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)




-------------------------------------------------------------------------------

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 6:14:15 PM 2/6/2007

Listing files found while scanning....

C:\WINDOWS\qaz4.txt
C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\hymogmnr.dll
C:\WINDOWS\System32\othojwhp.dll
C:\WINDOWS\System32\rtvwa.bak1
C:\WINDOWS\System32\rtvwa.bak2
C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.ini2
C:\WINDOWS\System32\rtvwa.tmp
C:\WINDOWS\system32\vtuvvvt.dll

Beginning removal...

Attempting to delete C:\WINDOWS\qaz4.txt
C:\WINDOWS\qaz4.txt Has been deleted!

Attempting to delete C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\awvtr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\othojwhp.dll
C:\WINDOWS\System32\othojwhp.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.bak1
C:\WINDOWS\System32\rtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.bak2
C:\WINDOWS\System32\rtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.ini2
C:\WINDOWS\System32\rtvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.tmp
C:\WINDOWS\System32\rtvwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\vtuvvvt.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 6:20:27 PM 2/6/2007

Listing files found while scanning....

C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\system32\gbonchrw.dll
C:\WINDOWS\System32\hymogmnr.dll
C:\WINDOWS\System32\othojwhp.dll
C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.ini2
C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\wrhcnobg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\awvtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gbonchrw.dll
C:\WINDOWS\system32\gbonchrw.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtvwa.ini2
C:\WINDOWS\System32\rtvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\vtuvvvt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\wrhcnobg.ini
C:\WINDOWS\system32\wrhcnobg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\vtuvvvt.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 7:10:00 PM 2/6/2007

Listing files found while scanning....

C:\WINDOWS\system32\ewtyfixx.dll
C:\WINDOWS\System32\hymogmnr.dll
C:\WINDOWS\System32\othojwhp.dll
C:\WINDOWS\System32\qtstv.bak1
C:\WINDOWS\System32\qtstv.ini
C:\WINDOWS\System32\vtstq.dll
C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\xxifytwe.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ewtyfixx.dll
C:\WINDOWS\system32\ewtyfixx.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\qtstv.bak1
C:\WINDOWS\System32\qtstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\qtstv.ini
C:\WINDOWS\System32\qtstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtstq.dll
C:\WINDOWS\System32\vtstq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\vtuvvvt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xxifytwe.ini
C:\WINDOWS\system32\xxifytwe.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\vtuvvvt.dll Could not be deleted.

Performing Repairs to the registry.
Done!

---------------------------------------------------------------------------------------------------------------------


VirtumundoBeGone Log


[02/06/2007, 19:04:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessica\Desktop\VirtumundoBeGone.exe" )
[02/06/2007, 19:04:57] - Detected System Information:
[02/06/2007, 19:04:57] - Windows Version: 5.1.2600,
[02/06/2007, 19:04:57] - Current Username: Jessica (Admin)
[02/06/2007, 19:04:57] - Windows is in NORMAL mode.
[02/06/2007, 19:04:57] - Searching for Browser Helper Objects:
[02/06/2007, 19:04:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/06/2007, 19:04:57] - BHO 2: {0832C452-7755-44A7-0372-0B5BDBB9A201} ()
[02/06/2007, 19:04:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:57] - Checking for HKLM\...\Winlogon\Notify\rssiaxj
[02/06/2007, 19:04:57] - Key not found: HKLM\...\Winlogon\Notify\rssiaxj, continuing.
[02/06/2007, 19:04:57] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/06/2007, 19:04:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:57] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/06/2007, 19:04:57] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/06/2007, 19:04:57] - BHO 4: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/06/2007, 19:04:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:57] - Checking for HKLM\...\Winlogon\Notify\othojwhp
[02/06/2007, 19:04:57] - Key not found: HKLM\...\Winlogon\Notify\othojwhp, continuing.
[02/06/2007, 19:04:57] - BHO 5: {6E4B23EE-D412-48BD-B133-60574061E429} ()
[02/06/2007, 19:04:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:57] - Checking for HKLM\...\Winlogon\Notify\vtuvvvt
[02/06/2007, 19:04:57] - Key not found: HKLM\...\Winlogon\Notify\vtuvvvt, continuing.
[02/06/2007, 19:04:57] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/06/2007, 19:04:57] - BHO 7: {99254EDF-880F-414A-9C8F-A8E69241D061} ()
[02/06/2007, 19:04:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:57] - Checking for HKLM\...\Winlogon\Notify\awvtr
[02/06/2007, 19:04:57] - Key not found: HKLM\...\Winlogon\Notify\awvtr, continuing.
[02/06/2007, 19:04:57] - BHO 8: {F75ED4DD-B9A3-46DF-8698-4FD7125BF208} ()
[02/06/2007, 19:04:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:57] - Checking for HKLM\...\Winlogon\Notify\pmnlm
[02/06/2007, 19:04:57] - Found: HKLM\...\Winlogon\Notify\pmnlm - This is probably Virtumundo.
[02/06/2007, 19:04:57] - Assigning {F75ED4DD-B9A3-46DF-8698-4FD7125BF208} MSEvents Object
[02/06/2007, 19:04:57] - BHO list has been changed! Starting over...
[02/06/2007, 19:04:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/06/2007, 19:04:58] - BHO 2: {0832C452-7755-44A7-0372-0B5BDBB9A201} ()
[02/06/2007, 19:04:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:58] - Checking for HKLM\...\Winlogon\Notify\rssiaxj
[02/06/2007, 19:04:58] - Key not found: HKLM\...\Winlogon\Notify\rssiaxj, continuing.
[02/06/2007, 19:04:58] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/06/2007, 19:04:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:58] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/06/2007, 19:04:58] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/06/2007, 19:04:58] - BHO 4: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/06/2007, 19:04:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:58] - Checking for HKLM\...\Winlogon\Notify\othojwhp
[02/06/2007, 19:04:58] - Key not found: HKLM\...\Winlogon\Notify\othojwhp, continuing.
[02/06/2007, 19:04:58] - BHO 5: {6E4B23EE-D412-48BD-B133-60574061E429} ()
[02/06/2007, 19:04:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:58] - Checking for HKLM\...\Winlogon\Notify\vtuvvvt
[02/06/2007, 19:04:58] - Key not found: HKLM\...\Winlogon\Notify\vtuvvvt, continuing.
[02/06/2007, 19:04:58] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/06/2007, 19:04:58] - BHO 7: {99254EDF-880F-414A-9C8F-A8E69241D061} ()
[02/06/2007, 19:04:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:04:58] - Checking for HKLM\...\Winlogon\Notify\awvtr
[02/06/2007, 19:04:58] - Key not found: HKLM\...\Winlogon\Notify\awvtr, continuing.
[02/06/2007, 19:04:58] - BHO 8: {F75ED4DD-B9A3-46DF-8698-4FD7125BF208} (MSEvents Object)
[02/06/2007, 19:04:58] - ALERT: Found MSEvents Object!
[02/06/2007, 19:04:58] - Finished Searching Browser Helper Objects
[02/06/2007, 19:04:58] - *** Detected MSEvents Object
[02/06/2007, 19:04:58] - Trying to remove MSEvents Object...
[02/06/2007, 19:04:59] - Terminating Process: IEXPLORE.EXE
[02/06/2007, 19:04:59] - Terminating Process: RUNDLL32.EXE
[02/06/2007, 19:04:59] - Disabling Automatic Shell Restart
[02/06/2007, 19:04:59] - Terminating Process: EXPLORER.EXE
[02/06/2007, 19:05:00] - Suspending the NT Session Manager System Service
[02/06/2007, 19:05:00] - Terminating Windows NT Logon/Logoff Manager
[02/06/2007, 19:05:00] - Re-enabling Automatic Shell Restart
[02/06/2007, 19:05:00] - File to disable: C:\WINDOWS\System32\pmnlm.dll
[02/06/2007, 19:05:00] - Renaming C:\WINDOWS\System32\pmnlm.dll -> C:\WINDOWS\System32\pmnlm.dll.vir
[02/06/2007, 19:05:00] - File successfully renamed!
[02/06/2007, 19:05:00] - Removing HKLM\...\Browser Helper Objects\{F75ED4DD-B9A3-46DF-8698-4FD7125BF208}
[02/06/2007, 19:05:00] - Removing HKCR\CLSID\{F75ED4DD-B9A3-46DF-8698-4FD7125BF208}
[02/06/2007, 19:05:00] - Adding Kill Bit for ActiveX for GUID: {F75ED4DD-B9A3-46DF-8698-4FD7125BF208}
[02/06/2007, 19:05:00] - Deleting ATLEvents/MSEvents Registry entries
[02/06/2007, 19:05:00] - Removing HKLM\...\Winlogon\Notify\pmnlm
[02/06/2007, 19:05:00] - Searching for Browser Helper Objects:
[02/06/2007, 19:05:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/06/2007, 19:05:00] - BHO 2: {0832C452-7755-44A7-0372-0B5BDBB9A201} ()
[02/06/2007, 19:05:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:05:00] - Checking for HKLM\...\Winlogon\Notify\rssiaxj
[02/06/2007, 19:05:00] - Key not found: HKLM\...\Winlogon\Notify\rssiaxj, continuing.
[02/06/2007, 19:05:00] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/06/2007, 19:05:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:05:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/06/2007, 19:05:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/06/2007, 19:05:00] - BHO 4: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/06/2007, 19:05:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:05:00] - Checking for HKLM\...\Winlogon\Notify\othojwhp
[02/06/2007, 19:05:00] - Key not found: HKLM\...\Winlogon\Notify\othojwhp, continuing.
[02/06/2007, 19:05:00] - BHO 5: {6E4B23EE-D412-48BD-B133-60574061E429} ()
[02/06/2007, 19:05:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:05:00] - Checking for HKLM\...\Winlogon\Notify\vtuvvvt
[02/06/2007, 19:05:00] - Key not found: HKLM\...\Winlogon\Notify\vtuvvvt, continuing.
[02/06/2007, 19:05:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/06/2007, 19:05:00] - BHO 7: {99254EDF-880F-414A-9C8F-A8E69241D061} ()
[02/06/2007, 19:05:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/06/2007, 19:05:00] - Checking for HKLM\...\Winlogon\Notify\awvtr
[02/06/2007, 19:05:00] - Key not found: HKLM\...\Winlogon\Notify\awvtr, continuing.
[02/06/2007, 19:05:00] - Finished Searching Browser Helper Objects
[02/06/2007, 19:05:00] - Finishing up...
[02/06/2007, 19:05:00] - A restart is needed.
[02/06/2007, 19:05:15] - Attempting to Restart via STOP error (Blue Screen!)
  • 0



#2
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
blumooneve,

Hi, and welcome to Geeks to Go. You definitely have a few problems in your log - I can see why you'd be frustrated. Let's get you cleaned up.

Please go here to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\System32\vtuvvvt.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups then restore them.

  • Click here to download FindAWF.exe and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
  • Come back here to this thread and copy and paste the contents of the AWF.txt file in your next reply.
Please post the AVG AS report and the AWF.txt in your next reply.

Thanks,

sari
  • 0

#3
blumooneve

blumooneve

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Oh thanks some help!!!! Okay here's what we have....



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:17:29 PM 2/8/2007

+ Scan result:



C:\VundoFix Backups\vtuvvvt.dll.bad -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\system32\vtuvvvt.dll -> Adware.Virtumonde : Cleaned.
C:\Documents and Settings\Jessica\LW\Hip Hop eJay 4 full.rar/Hip.Hop.eJAY.1.04.00_No-CD_Crack.ZIP/hhejay_crk.exe -> Backdoor.Theef.111 : Cleaned.
C:\Documents and Settings\Jessica\LW\Hip Hop eJay 4 full\Hip.Hop.eJAY.1.04.00_No-CD_Crack.ZIP/hhejay_crk.exe -> Backdoor.Theef.111 : Cleaned.
C:\Documents and Settings\Jessica\LW\Hip Hop eJay 4 full\Hip.Hop.eJAY.1.04.00_No-CD_Crack\hhejay_crk.exe -> Backdoor.Theef.111 : Cleaned.
C:\System Volume Information\_restore{84540C22-8686-42A7-B3BD-3FF9A4917F31}\RP184\A0048678.exe -> Dropper.Agent.azk : Cleaned.
:mozilla.442:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.284:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.344:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.409:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.410:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.105:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.107:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.108:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.452:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.453:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.65:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Jessica\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.135:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.305:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.233:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.301:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.302:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.456:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.457:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.458:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.112:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.116:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.443:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.70:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.71:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.140:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.387:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.127:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.128:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.133:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.134:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.273:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.274:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.243:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.244:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.245:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.246:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.247:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.248:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.106:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.109:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.110:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.111:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.83:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.84:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.86:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.87:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.88:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.92:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.214:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.78:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.80:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.81:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.82:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.334:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.122:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.123:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.124:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.125:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.126:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.130:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.131:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.132:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.77:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.79:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.473:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.474:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.41:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jessica\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.89:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.90:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.91:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\ltv8nxxd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{84540C22-8686-42A7-B3BD-3FF9A4917F31}\RP184\A0048677.dll -> Trojan.Agent.qt : Cleaned.


::Report end







-------------------------------------------------------------------------
awf log....


Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~

21504 "C:\Program Files\7-Zip\Formats\split.dll"


21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

05/03/2006 04:27 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/23/2001 06:00 AM 13,312 ctfmon.exe
07/09/2001 04:50 AM 155,648 NeroCheck.exe
2 File(s) 168,960 bytes

Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK

08/05/2006 12:23 AM 108,160 ashDisp.exe
1 File(s) 108,160 bytes

Directory of C:\PROGRA~1\ATIMUL~1\MAIN\BAK

01/20/2003 09:57 PM 106,574 launchpd.exe
1 File(s) 106,574 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

01/24/2003 08:00 PM 315,392 atiptaxx.exe
1 File(s) 315,392 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/31/2003 06:42 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\LOGITECH\ITOUCH\BAK

12/01/2003 10:38 AM 892,928 iTouch.exe
1 File(s) 892,928 bytes

Directory of C:\PROGRA~1\VIEWPO~1\VIEWPO~2\BAK

11/10/2004 10:15 PM 111,816 ViewMgr.exe
1 File(s) 111,816 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/19/2005 06:34 PM 3,084,288 ypager.exe
1 File(s) 3,084,288 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

05/08/2005 02:56 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

04/13/2005 02:48 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

07/09/2006 07:11 PM 36,864 LogitechDesktopMessenger.exe
1 File(s) 36,864 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

282624 Dec 20 2006 "C:\Program Files\QuickTime\qttask.exe"
155648 May 3 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 23 2001 "C:\WINDOWS\system32\ctfmon.exe"
13312 Aug 23 2001 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
108160 Sep 25 2006 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 Aug 5 2006 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
106574 Jan 20 2003 "C:\Program Files\ATI Multimedia\main\bak\launchpd.exe"
315392 Jan 24 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
32768 Oct 31 2003 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
892928 Dec 1 2003 "C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
111816 Nov 10 2004 "C:\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe"
3084288 Aug 19 2005 "C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
180269 May 8 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"
36864 Jul 9 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"


end of report







THANKS AGAIN!!
  • 0
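
An added example, not part of the thread and not FindAWF's own code: a Python sketch that pairs each bak copy in the report above with the file at its original location (the parent of the bak folder) and reports how the two compare. The function names and status labels are assumptions of this example; the three sizes are read from the report's section headings.

```python
import ntpath
import re

# Sizes FindAWF searches for, read from the report's own section headings.
SEARCHED_SIZES = {21504, 25600, 26450}

# Excerpt of the "Duplicate files of bak directory contents" section posted above.
REPORT_EXCERPT = r'''
282624 Dec 20 2006 "C:\Program Files\QuickTime\qttask.exe"
155648 May 3 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 23 2001 "C:\WINDOWS\system32\ctfmon.exe"
13312 Aug 23 2001 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
108160 Sep 25 2006 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 Aug 5 2006 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"
'''

# One report entry: size in bytes, "Mon D YYYY", quoted full path.
ENTRY_RE = re.compile(r'^(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_entries(text):
    """Return one dict per 'size date "path"' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "size": int(m.group(1)),
                "date": " ".join(m.group(2).split()),  # normalise spacing
                "path": m.group(3),
            })
    return entries


def is_bak_copy(path):
    """True when the file sits directly inside a folder named 'bak'."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def original_location(bak_path):
    """Path the bak copy would have had one level up, outside the bak folder."""
    parent = ntpath.dirname(ntpath.dirname(bak_path))
    return ntpath.join(parent, ntpath.basename(bak_path))


def compare_backups(entries):
    """Pair every bak copy with the listed file at its original location."""
    # Windows paths are case-insensitive, so index the live files by normcase.
    live = {ntpath.normcase(e["path"]): e
            for e in entries if not is_bak_copy(e["path"])}
    results = []
    for bak in (e for e in entries if is_bak_copy(e["path"])):
        target = original_location(bak["path"])
        cur = live.get(ntpath.normcase(target))
        if cur is None:
            status = "live file not listed"
        elif cur["size"] in SEARCHED_SIZES:
            status = "live file has a searched size"
        elif cur["size"] != bak["size"]:
            status = "size differs"
        elif cur["date"] != bak["date"]:
            status = "same size, different date"
        else:
            status = "same size and date"
        results.append((target, status))
    return results


if __name__ == "__main__":
    for target, status in compare_backups(parse_entries(REPORT_EXCERPT)):
        print(f"{status:30} {target}")
```

A "live file not listed" result only means the report has no entry at that exact path, as with the jusched.exe backup, whose folder is jre1.5.0_03 while the listed live copy is under jre1.5.0_10.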

#4
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
blumooneve,

I've attached a file called blumooneve.zip to this post. Right click on it and save it to your desktop. Find the file you just saved, right click, and select Extract files. Double click on the file named blumooneve.bat and allow it to run.

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

Right click http://www.mvps.org/...colDefaults.reg and save it to your desktop, like you did with the above file. Now locate that file and double click it - it will ask you if you want to allow it to merge with your registry. Click yes to continue.

[attachment=13016:attachment]

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0832C452-7755-44A7-0372-0B5BDBB9A201} - C:\WINDOWS\System32\rssiaxj.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\System32\othojwhp.dll (file missing)
O2 - BHO: (no name) - {6E4B23EE-D412-48BD-B133-60574061E429} - C:\WINDOWS\System32\vtuvvvt.dll
O2 - BHO: (no name) - {99254EDF-880F-414A-9C8F-A8E69241D061} - C:\WINDOWS\System32\awvtr.dll (file missing)
O2 - BHO: (no name) - {F3E4B2F7-CAD8-486F-BFAC-373415B9E5C5} - C:\WINDOWS\System32\vtstq.dll (file missing)
O4 - HKLM\..\Run: [fxphpei.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\Jessica\Local Settings\Application Data\fxphpei.dll",wacklle
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddccc - ddccc.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O20 - Winlogon Notify: winqgb32 - winqgb32.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\System32\rssiaxj.dll
C:\Documents and Settings\Jessica\Local Settings\Application Data\fxphpei.dll

After that, Reboot.

Post a new hijackthis log for review.

Thanks,

sari
  • 0

#5
blumooneve

blumooneve

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I take it this one has been fun to analyze as well for you!! I appreciate ALL YOUR HELP SO MUCH!!!!


O2 - BHO: (no name) - {0832C452-7755-44A7-0372-0B5BDBB9A201} - C:\WINDOWS\System32\rssiaxj.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\System32\othojwhp.dll (file missing)
O2 - BHO: (no name) - {6E4B23EE-D412-48BD-B133-60574061E429} - C:\WINDOWS\System32\vtuvvvt.dll
O2 - BHO: (no name) - {99254EDF-880F-414A-9C8F-A8E69241D061} - C:\WINDOWS\System32\awvtr.dll (file missing)
O2 - BHO: (no name) - {F3E4B2F7-CAD8-486F-BFAC-373415B9E5C5} - C:\WINDOWS\System32\vtstq.dll (file missing)

Not present during last scan.... :whistling: :blink:

Others deleted / fixed

New log


Logfile of HijackThis v1.99.1
Scan saved at 9:22:53 PM, on 2/15/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Apple Computer\[email protected]\DVDAccess.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jessica\Desktop\VirusTrojanSpyware Removers\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O4 - Global Startup: [email protected] = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164160513116
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O18 - Protocol: bw+0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {084E46EF-4359-4DF8-9D27-2E425D2A3EDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#6
sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
blumooneve,

Yes, this was quite fun! :whistling: Your log looks clean now. How is everything running? Any issues with anything now?

sari