SOME ONE HELP ME PLEASE! [RESOLVED]



#1
darkstar225

OK, I've been to countless sites and they all give me the same advice for a disabled Task Manager. Problem is that it's like it's not even there anymore!!! I could press Ctrl+Alt+Delete all day, and all it would do is wear down those 3 buttons. I don't even get a message saying that it was disabled by the system admin. ... I've gone in and tried to run gpedit.msc; problem is that I get a message saying "gpedit.msc wasn't found by windows"!!!! I know no one disabled it, and I worked around to see if I can change the setting from off to on, which a virus could have done, but it was on already! I downloaded plenty of files that should have worked, but didn't. Now I have no idea what to do!!! And to top that off, I just restarted my computer after it froze and now I lost my background, which now says that a virus has been detected and to go to http://www.psguard.com/?aff=99&sub=0 and buy a virus protection! Someone smarter than me PLEASE help me with my 2 problems quick!!!!!!!!!!!!!!! I WOULD LOVE U FOREVER!!!!!! :'(

Edited by skate_punk_21, 13 August 2005 - 11:30 PM.



#2
darkstar225

Sorry guys, yes, I know I'm new to this, but I'm learning... I have run Ad-Aware SE fully updated and Trojan Hunter multiple times... and still have the same problems... I've read up on some of the other PSGuard problems, and ran Ad-Aware with your specifications, and I have a HJT log file which I will give you shortly... Sorry for being a newbie... but I highly appreciate the help as soon as I can get it.

Ad-Aware Log File

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, August 12, 2005 4:26:16 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R61 10.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R61 10.08.2005
Internal build : 71
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 508229 Bytes
Total size : 1531791 Bytes
Signature data size : 1498915 Bytes
Reference data size : 32364 Bytes
Signatures total : 42681
CSI Fingerprints total : 1003
CSI data size : 35408 Bytes
Target categories : 15
Target families : 729


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:27 %
Total physical memory:129008 kb
Available physical memory:34556 kb
Total page file size:314672 kb
Available on page file:143924 kb
Total virtual memory:2097024 kb
Available virtual memory:2042304 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-12-2005 4:26:16 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 396
ThreadCreationTime : 8-12-2005 7:59:37 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 444
ThreadCreationTime : 8-12-2005 7:59:40 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 468
ThreadCreationTime : 8-12-2005 7:59:41 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 512
ThreadCreationTime : 8-12-2005 7:59:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 524
ThreadCreationTime : 8-12-2005 7:59:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 708
ThreadCreationTime : 8-12-2005 7:59:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 760
ThreadCreationTime : 8-12-2005 7:59:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 912
ThreadCreationTime : 8-12-2005 7:59:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 924
ThreadCreationTime : 8-12-2005 7:59:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1052
ThreadCreationTime : 8-12-2005 7:59:50 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1088
ThreadCreationTime : 8-12-2005 7:59:51 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1092
ThreadCreationTime : 8-12-2005 7:59:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1236
ThreadCreationTime : 8-12-2005 7:59:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1264
ThreadCreationTime : 8-12-2005 7:59:59 AM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:15 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1316
ThreadCreationTime : 8-12-2005 7:59:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1340
ThreadCreationTime : 8-12-2005 7:59:59 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2036
ThreadCreationTime : 8-12-2005 8:00:17 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [lxbkbmgr.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
ProcessID : 184
ThreadCreationTime : 8-12-2005 8:00:33 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:19 [lxbkbmon.exe]
ModuleName : C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Command Line : "C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe"
ProcessID : 240
ThreadCreationTime : 8-12-2005 8:00:37 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 256
ThreadCreationTime : 8-12-2005 8:00:39 AM
BasePriority : Normal


#:21 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 308
ThreadCreationTime : 8-12-2005 8:00:41 AM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [winupdates.exe]
ModuleName : C:\Program Files\winupdates\winupdates.exe
Command Line : "C:\Program Files\winupdates\winupdates.exe" /auto
ProcessID : 316
ThreadCreationTime : 8-12-2005 8:00:41 AM
BasePriority : Normal
FileVersion : 3.06
ProductVersion : 3.06
ProductName : inno setup
CompanyName : inno setup
FileDescription : inno setup
InternalName : Setup
LegalCopyright : inno setup
LegalTrademarks : inno setup
OriginalFilename : Setup.exe
Comments : inno setup

#:23 [logitechdesktopmessenger.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
ProcessID : 340
ThreadCreationTime : 8-12-2005 8:00:43 AM
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright © Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm

#:24 [easyshare.exe]
ModuleName : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Command Line : "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -h
ProcessID : 348
ThreadCreationTime : 8-12-2005 8:00:44 AM
BasePriority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:25 [kodak software updater.exe]
ModuleName : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Command Line : "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"
ProcessID : 360
ThreadCreationTime : 8-12-2005 8:00:51 AM
BasePriority : Normal


#:26 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 380
ThreadCreationTime : 8-12-2005 8:00:58 AM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:27 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1500
ThreadCreationTime : 8-12-2005 8:04:33 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:28 [intell32.exe]
ModuleName : C:\WINDOWS\System32\intell32.exe
Command Line : intell32.exe (null)
ProcessID : 2208
ThreadCreationTime : 8-12-2005 8:08:19 AM
BasePriority : Normal


#:29 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 1024
ThreadCreationTime : 8-12-2005 11:13:26 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1996
ThreadCreationTime : 8-12-2005 11:21:23 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1710738407-1354289438-4094575798-1010\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1710738407-1354289438-4094575798-1010\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1710738407-1354289438-4094575798-1010\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : johnny@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:johnny@weborama.fr/
Expires : 8-11-2010 3:13:16 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1151 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

4:52:33 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:16.968
Objects scanned:189889
Objects identified:1
Objects ignored:0
New critical objects:1


Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:56:13 AM, on 8/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\intell32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com...arkstarnvrfalls
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06087F56-EEC1-B543-BD1E-CDEE8DFCBDEC} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {06087F58-EEC0-B04C-BD14-CDEE88F2BDEB} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {37254F5F-C3F0-807A-902C-8FC3BCC490AF} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {3CFE3425-BC47-2394-8203-64550DA7281D} - C:\WINDOWS\System32\sgg.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\Balsara\LOCALS~1\Temp\ksidsab.dat (file missing)
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\Johnny\LOCALS~1\Temp\cfmniw.dat (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Balsara\LOCALS~1\Temp\ten.dat (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [TZAGNTA] C:\WINDOWS\TZAGNTA.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [*basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*eulaole] C:\WINDOWS\java\eulaole.exe
O4 - HKLM\..\Run: [*wmssvc] C:\WINDOWS\Fonts\wmssvc.exe
O4 - HKLM\..\Run: [*baklog] C:\WINDOWS\Config\baklog.exe
O4 - HKLM\..\Run: [*bakdos] C:\WINDOWS\AppPatch\bakdos.exe
O4 - HKLM\..\Run: [*wvss] C:\WINDOWS\Registration\wvss.exe
O4 - HKLM\..\Run: [*accwms] C:\WINDOWS\Drivers\accwms.exe
O4 - HKLM\..\Run: [*xmlinet] C:\WINDOWS\xmlinet.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\java\classes\winmfc.exe
O4 - HKLM\..\Run: [mains] C:\WINDOWS\Config\mains.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.we...ort/ieatgpc.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Protocol: bw+0 - {DF3E1893-EB12-4063-B50C-9334526DBACA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF3E1893-EB12-4063-B50C-9334526DBACA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

thanks soooo much guys.....i really appreciate this!

#3
darkstar225

    Member

  • Topic Starter
  • 119 posts
ok guys, i updated my Windows XP to SP1 now....... and just ran HJT.....here's the log file....

Logfile of HijackThis v1.99.1
Scan saved at 5:16:52 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\System32\intell32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com...arkstarnvrfalls
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06087F56-EEC1-B543-BD1E-CDEE8DFCBDEC} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {06087F58-EEC0-B04C-BD14-CDEE88F2BDEB} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {37254F5F-C3F0-807A-902C-8FC3BCC490AF} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {3CFE3425-BC47-2394-8203-64550DA7281D} - C:\WINDOWS\System32\sgg.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\Balsara\LOCALS~1\Temp\ksidsab.dat (file missing)
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\Johnny\LOCALS~1\Temp\cfmniw.dat (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Balsara\LOCALS~1\Temp\ten.dat (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [TZAGNTA] C:\WINDOWS\TZAGNTA.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [*basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*eulaole] C:\WINDOWS\java\eulaole.exe
O4 - HKLM\..\Run: [*wmssvc] C:\WINDOWS\Fonts\wmssvc.exe
O4 - HKLM\..\Run: [*baklog] C:\WINDOWS\Config\baklog.exe
O4 - HKLM\..\Run: [*bakdos] C:\WINDOWS\AppPatch\bakdos.exe
O4 - HKLM\..\Run: [*wvss] C:\WINDOWS\Registration\wvss.exe
O4 - HKLM\..\Run: [*accwms] C:\WINDOWS\Drivers\accwms.exe
O4 - HKLM\..\Run: [*xmlinet] C:\WINDOWS\xmlinet.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\java\classes\winmfc.exe
O4 - HKLM\..\Run: [mains] C:\WINDOWS\Config\mains.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123873019831
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.we...ort/ieatgpc.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


thanks guys......i would love the help.........

#4
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #5 for Run Fix by typing 5 and then pressing enter. Go to that website directed for XP computers and download/run the executable file.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Edited by skate_punk_21, 12 August 2005 - 07:42 PM.


#5
darkstar225

    Member

  • Topic Starter
  • 119 posts
C:\WINDOWS\SYSTEM32\
atasnt40.dll Tue Aug 2 2005 10:57:50p A.... 217,088 212.00 K
axctp.dll Mon May 16 2005 4:35:34p A.... 1,639,544 1.56 M
bszip.dll Fri Aug 12 2005 4:54:28p A.... 62,464 61.00 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cmd.com Fri Aug 12 2005 4:54:20p ..SH. 2 0.00 K
dkowqp~1.tcf Thu Jul 28 2005 12:55:46a A.... 33,280 32.50 K
fntcache.dat Fri Aug 12 2005 4:43:14p A.... 155,568 151.92 K
gglib.exe Sat Aug 6 2005 12:01:44a A.... 11,993 11.71 K
instal~1.log Sat Aug 6 2005 4:44:52p A.... 641 0.63 K
intell32.exe Fri Aug 12 2005 1:08:18a A.... 6,144 6.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
muweb.dll Thu May 26 2005 4:19:32a A.... 178,408 174.23 K
netstat.com Fri Aug 12 2005 4:54:16p ..SH. 2 0.00 K
perfc009.dat Fri Aug 12 2005 4:46:02p A.... 40,196 39.25 K
perfh009.dat Fri Aug 12 2005 4:46:02p A.... 311,934 304.62 K
perfst~1.ini Fri Aug 12 2005 4:46:00p A.... 355,944 347.60 K
ping.com Fri Aug 12 2005 4:54:16p ..SH. 2 0.00 K
pncrt.dll Mon May 16 2005 2:20:30p A.... 278,528 272.00 K
pndx5016.dll Mon May 16 2005 2:20:40p A.... 6,656 6.50 K
pndx5032.dll Mon May 16 2005 2:20:40p A.... 5,632 5.50 K
regedit.com Fri Aug 12 2005 4:54:20p ..SH. 2 0.00 K
rmoc3260.dll Mon May 16 2005 2:21:06p A.... 176,167 172.04 K
taskkill.com Fri Aug 12 2005 4:54:20p ..SH. 2 0.00 K
tasklist.com Fri Aug 12 2005 4:54:18p ..SH. 2 0.00 K
tracert.com Fri Aug 12 2005 4:54:16p ..SH. 2 0.00 K
wpa.dbl Fri Aug 12 2005 4:43:54p A.... 1,158 1.13 K
wppp~1.htm Fri Aug 12 2005 5:21:56p A.... 1,622 1.58 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuauclt.exe Thu May 26 2005 4:16:30a A.... 124,184 121.27 K
wuauclt1.exe Thu May 26 2005 4:16:30a A.... 172,312 168.27 K
wuaucpl.cpl Thu May 26 2005 4:16:30a A.... 174,360 170.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K

37 items found: 37 files (7 H/S), 0 directories.
Total of file sizes: 6,591,309 bytes 6.29 M

C:\WINDOWS\
0.log Fri Aug 12 2005 4:44:40p A.... 0 0.00 K
acc1.txt Tue Jul 19 2005 5:16:20p A.... 97 0.09 K
bootstat.dat Fri Aug 12 2005 4:43:36p A.S.. 2,048 2.00 K
cdplayer.ini Sun May 22 2005 9:46:00p A.... 472 0.46 K
comsetup.log Fri Aug 12 2005 4:40:22p A.... 225,848 220.55 K
faxsetup.log Fri Aug 12 2005 1:49:14p A.... 659,887 644.42 K
getser~1.ini Thu Jul 28 2005 5:30:54p A.... 170 0.16 K
iis6.log Fri Aug 12 2005 4:40:22p A.... 99,795 97.45 K
imsins.bak Fri Aug 12 2005 1:48:34p A.... 1,374 1.34 K
imsins.log Fri Aug 12 2005 4:40:22p A.... 1,374 1.34 K
itouch.ini Fri Aug 12 2005 4:54:34p A.... 51 0.05 K
kb824105.log Fri Aug 12 2005 1:48:34p A.... 159,904 156.16 K
kb824141.log Fri Aug 12 2005 1:45:30p A.... 128,205 125.20 K
kb824146.log Fri Aug 12 2005 1:42:26p A.... 159,848 156.10 K
kb828028.log Fri Aug 12 2005 1:39:22p A.... 121,986 119.13 K
kb828035.log Fri Aug 12 2005 1:36:16p A.... 124,032 121.13 K
kb828741.log Fri Aug 12 2005 1:33:02p A.... 121,677 118.82 K
kb833987.log Fri Aug 12 2005 1:31:06p A.... 112,748 110.11 K
kb835732.log Fri Aug 12 2005 1:29:50p A.... 124,860 121.93 K
kb837001.log Fri Aug 12 2005 1:28:02p A.... 108,795 106.24 K
kb839643.log Fri Aug 12 2005 1:26:28p A.... 91,355 89.21 K
kb839645.log Fri Aug 12 2005 1:25:18p A.... 109,802 107.23 K
kb840315.log Fri Aug 12 2005 1:24:04p A.... 94,289 92.08 K
kb840374.log Fri Aug 12 2005 1:22:50p A.... 120,261 117.44 K
kb840987.log Fri Aug 12 2005 1:20:38p A.... 114,751 112.06 K
kb841356.log Fri Aug 12 2005 1:18:22p A.... 105,796 103.32 K
kb841533.log Fri Aug 12 2005 1:16:32p A.... 102,175 99.78 K
kb841873.log Fri Aug 12 2005 1:14:48p A.... 97,243 94.96 K
kb873376.log Fri Aug 12 2005 1:12:52p A.... 101,651 99.27 K
kb887822.log Fri Aug 12 2005 1:11:28p A.... 97,384 95.10 K
lexstat.ini Wed Aug 10 2005 6:25:32p A.... 445 0.43 K
lpt$vpn.749 Wed Jul 27 2005 2:36:26p A.... 15,465,411 14.75 M
msgsocm.log Fri Aug 12 2005 1:49:14p A.... 32,998 32.22 K
nerodi~1.ini Thu Aug 11 2005 9:28:46p A.... 49 0.05 K
ntdtcs~1.log Fri Aug 12 2005 4:40:22p A.... 138,844 135.59 K
ocgen.log Fri Aug 12 2005 1:49:14p A.... 351,836 343.59 K
ocmsn.log Fri Aug 12 2005 1:49:14p A.... 25,364 24.77 K
oewablog.txt Fri Aug 12 2005 4:53:24p A.... 2,546 2.48 K
orun32.ini Wed Jun 8 2005 7:30:50a A.... 884 0.86 K
patch.exe Thu Jul 28 2005 5:30:04p A.... 208,896 204.00 K
q329048.log Fri Aug 12 2005 1:10:06p A.... 100,177 97.83 K
q329170.log Fri Aug 12 2005 1:09:50p A.... 151,825 148.27 K
q329390.log Fri Aug 12 2005 1:07:18p A.... 100,241 97.89 K
q329441.log Fri Aug 12 2005 1:07:04p A.... 152,112 148.55 K
q329834.log Fri Aug 12 2005 1:04:36p A.... 100,185 97.84 K
q810577.log Fri Aug 12 2005 1:04:22p A.... 152,061 148.50 K
q810833.log Fri Aug 12 2005 1:01:52p A.... 152,168 148.60 K
q811493.log Fri Aug 12 2005 12:59:16p A.... 152,697 149.12 K
q811630.log Fri Aug 12 2005 12:56:28p A.... 151,996 148.43 K
q815021.log Fri Aug 12 2005 12:54:12p A.... 152,266 148.70 K
q817606.log Fri Aug 12 2005 12:51:44p A.... 152,443 148.87 K
q819696.log Fri Aug 12 2005 12:49:10p A.... 152,503 148.93 K
rm_res~1.dat Thu Jul 28 2005 5:36:28p A.... 4 0.00 K
schedlgu.txt Fri Aug 12 2005 4:42:06p A.... 32,560 31.80 K
setupact.log Wed Aug 3 2005 7:27:08p A.... 207,486 202.62 K
setupapi.log Fri Aug 12 2005 1:49:12p A.... 343,968 335.91 K
setupa~2.old Fri Aug 12 2005 1:10:10p A.... 1,251,772 1.19 M
stream~1.dll Tue Aug 2 2005 11:02:40p ....R 59,392 58.00 K
svcpack.log Fri Aug 12 2005 4:40:22p A.... 228,466 223.11 K
tmadce.ptn Fri Jul 8 2005 8:51:42p A.... 3,669,327 3.50 M
tmupdate.dll Thu Jul 28 2005 5:30:06p A.... 1,142,784 1.09 M
tmvainfo.xml Wed Jul 13 2005 10:53:34p A.... 160,786 157.02 K
tmvamain.ptn Wed Jul 13 2005 11:40:24p A.... 41,472 40.50 K
tsc.ini Thu Jul 28 2005 5:36:28p A.... 679 0.66 K
tsc.ptn Tue Jul 26 2005 9:58:44p A.... 2,218,036 2.11 M
tsoc.log Fri Aug 12 2005 4:40:22p A.... 267,413 261.14 K
uninstiu.exe Fri Aug 12 2005 4:59:22p A.... 3,072 3.00 K
unzip.dll Thu Jul 28 2005 5:30:06p A.... 69,689 68.05 K
vptnfile.749 Wed Jul 27 2005 2:36:26p A.... 15,465,411 14.75 M
wiadebug.log Fri Aug 12 2005 4:44:26p A.... 159 0.15 K
wiaservc.log Fri Aug 12 2005 4:44:16p A.... 49 0.05 K
window~2.log Fri Aug 12 2005 4:53:30p A.... 972,614 949.82 K
wmsetup.log Thu Aug 11 2005 1:23:32a A.... 301,003 293.95 K
wmsetu~1.log Fri Jul 29 2005 8:06:16p A.... 496 0.48 K
xpsp1hfm.log Fri Aug 12 2005 1:48:36p A.... 83,244 81.29 K
_delis32.ini Sat Aug 6 2005 11:43:18p A.... 816 0.80 K

76 items found: 76 files (1 H/S), 0 directories.
Total of file sizes: 47,606,523 bytes 45.40 M

C:\DOCUME~1\JOHNNY~1.MOM\LOCALS~1\TEMP\
aax12e.tmp Fri Jul 29 2005 10:06:04p A.... 19,728 19.27 K
aax133.tmp Fri Jul 29 2005 10:21:22p A.... 29,532 28.84 K
aax135.tmp Fri Jul 29 2005 11:56:10p A.... 29,532 28.84 K
aax23.tmp Tue Aug 2 2005 7:47:58a A.... 46,024 44.95 K
aax24.tmp Tue Aug 2 2005 7:48:24a A.... 46,024 44.95 K
aax289.tmp Wed Aug 3 2005 6:41:38p A.... 11,220 10.96 K
aax9f.tmp Sat Aug 6 2005 1:49:12p A.... 41,656 40.68 K
acrd2.tmp Wed Aug 10 2005 11:00:40p A.... 2,048,000 1.95 M
angels~1.bmp Sat Aug 6 2005 9:30:14p A.... 21,176 20.68 K
aoluse~1.dll Wed Aug 3 2005 12:20:46a A.... 413,746 404.05 K
axmeta~1.dll Wed Aug 3 2005 12:20:46a A.... 249,906 244.05 K
a~nsisu_.exe Fri Aug 12 2005 4:59:48p A.... 70,427 68.77 K
baseba~1.bmp Sat Aug 6 2005 9:30:16p A.... 21,176 20.68 K
compon~1.dll Thu Aug 4 2005 3:58:00a A.... 208,945 204.05 K
control.xml Thu Aug 11 2005 1:23:32a A.... 717 0.70 K
cursors.dll Thu Aug 4 2005 3:58:00a A.... 28,672 28.00 K
exec.exe Thu Aug 4 2005 3:58:00a A.... 61,440 60.00 K
hcfapj~1.tcf Sat Aug 6 2005 12:05:30a A.... 28,368 27.70 K
java_i~1.log Fri Aug 12 2005 5:24:08p A.... 10,400 10.16 K
jpegre~1.dll Thu Aug 4 2005 3:58:00a A.... 122,927 120.04 K
jusched.log Fri Aug 12 2005 4:53:58p A.... 3,316 3.24 K
keffpj~1.tcf Sat Aug 6 2005 12:05:42a A.... 28,368 27.70 K
lvcomsx.log Sat Aug 6 2005 9:47:10p A.... 1,558 1.52 K
mts3re~1.dll Thu Aug 4 2005 3:58:00a A.... 204,847 200.04 K
nascar.bmp Sat Aug 6 2005 9:30:16p A.... 21,176 20.68 K
neutro~1.bmp Sat Aug 6 2005 9:30:16p A.... 21,176 20.68 K
persis~1 Fri Aug 12 2005 1:14:54a A.... 16 0.02 K
psguar~1.exe Fri Aug 12 2005 4:59:40p A.... 2,121,352 2.02 M
remove~2.txt Fri Aug 12 2005 1:15:40a A.... 1,126 1.10 K
rtcins~1.exe Sat Aug 6 2005 5:29:24p A.... 4,946,352 4.71 M
rtdrvmon.exe Fri Aug 12 2005 5:14:36p A.... 40,960 40.00 K
scenec~1.dll Thu Aug 4 2005 3:58:00a A.... 1,171,507 1.12 M
sreedmmx.dll Thu Aug 4 2005 3:58:00a A.... 528,429 516.04 K
swfview.dll Thu Aug 4 2005 3:58:02a A.... 643,116 628.04 K
swtmp.htm Fri Jul 29 2005 10:04:58p A.... 99 0.09 K
travel~1.bmp Sat Aug 6 2005 9:30:14p A.... 21,176 20.68 K
verbnow.bmp Sat Aug 6 2005 9:30:16p A.... 21,176 20.68 K
vmpvideo.dll Thu Aug 4 2005 3:58:02a A.... 618,541 604.04 K
werfd.tmp Sat Aug 6 2005 4:46:06p A.... 0 0.00 K
_power~1.swf Fri Jul 29 2005 11:59:36p A.... 14,335 13.99 K
~df45fb.tmp Fri Aug 5 2005 12:37:46a A.... 16,384 16.00 K
~df8561.tmp Tue Aug 2 2005 9:54:08p A.... 16,384 16.00 K
~df88e8.tmp Fri Aug 5 2005 3:39:40a A.... 16,384 16.00 K
~df8901.tmp Fri Aug 12 2005 4:54:10p A.... 16,384 16.00 K
~df8b94.tmp Fri Jul 29 2005 5:46:18p A.... 16,384 16.00 K
~df968c.tmp Sat Aug 6 2005 4:53:46p A.... 16,384 16.00 K
~df980b.tmp Sat Aug 6 2005 11:59:24p A.... 16,384 16.00 K
~dfccaf.tmp Wed Aug 10 2005 11:12:30p A.... 16,384 16.00 K
~dfe79.tmp Fri Aug 12 2005 1:00:58a A.... 16,384 16.00 K
~dfeaed.tmp Mon Aug 1 2005 3:12:52p A.... 16,384 16.00 K

50 items found: 50 files, 0 directories.
Total of file sizes: 14,082,082 bytes 13.43 M

Edited by skate_punk_21, 12 August 2005 - 11:45 PM.


#6
skate_punk_21

Downloads
1. Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

2. Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, EXIT Ewido

3. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!


Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com...arkstarnvrfalls
O2 - BHO: (no name) - {06087F56-EEC1-B543-BD1E-CDEE8DFCBDEC} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {06087F58-EEC0-B04C-BD14-CDEE88F2BDEB} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {37254F5F-C3F0-807A-902C-8FC3BCC490AF} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: (no name) - {3CFE3425-BC47-2394-8203-64550DA7281D} - C:\WINDOWS\System32\sgg.dll (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TZAGNTA] C:\WINDOWS\TZAGNTA.exe
O4 - HKLM\..\Run: [mains] C:\WINDOWS\Config\mains.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
Check all O18 entries except for the first one

Please remember to close all other windows, including browsers then click Fix checked.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\jge.dll
C:\WINDOWS\System32\sgg.dll
c:\windows\system\BHOmod.dll
C:\WINDOWS\TZAGNTA.exe
C:\WINDOWS\Config\mains.exe
C:\Program Files\winupdates\
gglib.exe <<--search for via Start | search
C:\Program Files\PSGuard\


Run Downloaded Programs
1. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


2. Open Ad-aware and do a full scan. Remove all it finds.


3. Run Ewido Security Suite. Set the program up as follows:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
  • Click on Start Scan
  • Let the program scan the machine
    While the scan is in progress you will be prompted to clean the first file. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the window (this way you don't have to sit and watch ewido) click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop.
Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.


Now please reboot back to normal mode.


What I Need Back From You

1. Fresh HijackThis Log
2. The contents of the smitfiles.txt
3. Ewido Log

Edited by skate_punk_21, 12 August 2005 - 08:14 PM.
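
The fix list in the post above uses HijackThis's line format: a section code, a label, an optional CLSID and a target. As an added example (not part of the original post and not HijackThis code), the Python below parses a subset of those lines, copied from the post with their truncated URLs left as they are, and separates stale references marked `(file missing)` or `(no file)` from entries that still name a file; `Entry` and all function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Section codes that appear in the fix list above, with their usual meaning.
SECTIONS = {
    "R0": "Internet Explorer start/search page value",
    "O2": "Browser Helper Object (BHO)",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "Internet Explorer extra button or menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "extra protocol or protocol hijack",
}
MISSING_MARKERS = ("(file missing)", "(no file)")

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|cmd))\b', re.I)

# Lines copied from the fix list in the post above (a subset), plus the one
# free-text instruction, which the parser must skip.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com...arkstarnvrfalls
O2 - BHO: (no name) - {06087F56-EEC1-B543-BD1E-CDEE8DFCBDEC} - C:\WINDOWS\System32\jge.dll (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
Check all O18 entries except for the first one
"""


@dataclass
class Entry:
    code: str               # section code, e.g. "O4"
    kind: str               # human-readable meaning of the section
    name: Optional[str]     # value name / object label, if the line has one
    clsid: Optional[str]    # COM class id, if present
    target: Optional[str]   # file, command line or URL the entry points at
    missing: bool           # True when HijackThis reported no file behind it


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for anything that is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    name, target, missing = None, None, False
    if code == "O4":                      # "<key>: [<value name>] <command>"
        run = RUN_RE.match(rest)
        name, target = (run["name"], run["cmd"]) if run else (None, rest)
    elif code.startswith("R"):            # "<key>,<value> = <data>"
        name, _, value = rest.partition(" = ")
        target = value or None
    else:                                 # "<type>: <label> - {CLSID} - <file>"
        parts = rest.split(" - ")
        label = parts[0].partition(": ")[2]
        if label and label != "(no name)" and not CLSID_RE.fullmatch(label):
            name = label
        last = parts[-1]
        for marker in MISSING_MARKERS:
            if last.endswith(marker):
                missing = True
                last = last[: -len(marker)].strip()
        target = last or None
    return Entry(code, SECTIONS.get(code, "other section"), name,
                 clsid.group(0) if clsid else None, target, missing)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line in a pasted log, skipping free text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def by_section(entries: List[Entry]) -> dict:
    """Count entries per section code."""
    return dict(Counter(e.code for e in entries))


def stale_references(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry data is present but whose file is not."""
    return [e for e in entries if e.missing]


def live_file_targets(entries: List[Entry]) -> List[str]:
    """File paths (arguments stripped) that BHO/autostart entries still name."""
    out = []
    for e in entries:
        if e.code in ("O2", "O4") and e.target and not e.missing:
            m = EXE_RE.match(e.target)
            out.append(m.group(1) if m else e.target)
    return out


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for e in parsed:
        print(f"{e.code:<4}{e.kind:<45}{e.target}  missing={e.missing}")
    print("still on disk per the log:", live_file_targets(parsed))
```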


#7
darkstar225

Ewido Log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:00:27 PM, 8/12/2005
+ Report-Checksum: 612CA735

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EC8E271-FAB9-418a-8A8E-65AEB4029E64} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{55E301E5-BA44-4095-BB0B-14E0123CCF71} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{68132581-10F2-416E-B188-4E648075325A} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC8E271-FAB9-418a-8A8E-65AEB4029E64} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55E301E5-BA44-4095-BB0B-14E0123CCF71} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68132581-10F2-416E-B188-4E648075325A} -> Spyware.VirtuMonde : Cleaned with backup
[448] C:\WINDOWS\system32\OLEEXT.dll -> Trojan.Agent.ff : Cleaned with backup
[1088] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Error during cleaning
C:\Documents and Settings\Balsara\Complete\Xceed Ultimate Suite v2005.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Balsara\Complete\XMPlay 3.2.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Balsara\Complete\ZoneLabs ZoneAlarm Pro 5.5.062.004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Balsara\Complete\Zoo Tycoon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Balsara\Local Settings\Temporary Internet Files\Content.IE5\BFLJR1CW\tb3[1].cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Balsara\Local Settings\Temporary Internet Files\Content.IE5\KPU3O1ER\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Balsara\Local Settings\Temporary Internet Files\Content.IE5\OEAB51EJ\common[1].cab/common.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\YRON0Z81\lgx[1].exe.tcf/kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\YRON0Z81\lgx[1].exe.tcf/kansup.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Armies Of Exigo - RELOADED iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Camtasia Studio v2.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Chaos League.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Crown of Glory Europe in the Age of Na.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\DVDIdle 5.93.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\EA SPORTS Rugby 2005 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Earth Empire II iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Easy Video to Audio Converter v1.2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Elite Warriors Vietnam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\FlashFXP v2.2 Build 986.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Free Internet TV v4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\FruityLoops 5.0.2c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\FruityLoops 5.02c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Grand Theft Auto San Andreas PC iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Heavyweight Thunder.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Hide IP Platinum v1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Kylie Minogue - Fever (Album).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Kylie Minogue - Fever.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Live Billiards Deluxe 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Manhattan Chase iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Medieval Conquest.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Moorhuhn III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Mootools 3D Photo Browser v8.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\NASCAR SimRacing iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Netscape v8.0.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Opera 8.02 Final 8.01 Rus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Outlook Express Backup Restore v1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Outpost Firewall Pro v2.7.491.415.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Outpost Office Firewall v1.0.452.402.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\PHP-Nuke 7.8 FINAL Released.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Prince of Persia 2 Warrior Within Comp.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Registry Mechanic 5.0.0.132.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\S.C.A.R. - Squadra Corse Alfa Romeo iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Spyware Doctor 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Style XP 3.11 Men.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Style XP v3.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Super Utilities 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Taxi 3 eXtreme Rush iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Thief 3 Deadly Shadows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Track Mania.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Uru Ages Beyond Myst ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Web Dumper v2.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\West Coast Rally Chrysler.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Windows XP 64 bit.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Windows XP 64-bit PRO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\WWF Safari Adventures in Africa.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\Xara Webstyle 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Guest\Shared\ZoneAlarm Security Suite, Antivirus, Professional 60.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\ HeavyMath Cam 3D Webmaster Edition 2.5..zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\1Click DVD Copy 4.2.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\1Click DVD Copy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\2 Beautiful Lesbians.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\A3dstitcher V1.0 © 2005 Anything3d Corp.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Absolute Uninstaller V1.45 (Updated).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Actitrend Software Informaizer v5.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Adobe Illustrator CS.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Advanced Image Resizer v2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Advanced Pic Hunter v2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Age of Empires 2 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Age of Mythology.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Agnitum Outpost Firewall Pro v2.7.491.5421.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Alarm++ 7.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Aliens Versus Predator 2 + Primal Hunt E.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\All Hacker books.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Archangel.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Area 51 plus all add-ons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Aurora Media Workshop v2.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Backup To DVD CD v5.1.158.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Batch Video Joiner v1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Big Tit [bleep].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Blood 2 The Chosen.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Boogeyman DVDR.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\C-Free v3.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Carmen Electra- Playboy DVD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Carrara Studio 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Clientes Facil 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Coach Carter works.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Codename Gordon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Colin McRae Rally 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Commandos 3 destination berlin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\CopyToDVD 3.0.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\COUNTER-STRIKE SOURCE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Counterstrike 2D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\CursorArts IconForge 7.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Dark Water.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Dave Mirra Pro BMX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Defense Commander.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Delta Force - Black Hawk Down.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\DivX 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Donkey Kong Island 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Download Master 4.3.3.905.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Dr.Web 4.32.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Driver 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\DX-Ball 2 with 600 Boards.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Easy GIF Animator 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Easy Screen saver Maker v1.2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Electra (2004) good speed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\eMule 0.46c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\eTrust Antivirus 2005 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Fastype Typing Tutorial 6.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\FlashGet v1.70.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Flatout.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Free Internet TV v4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\FruityLoops 5.0.2c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\FruityLoops 5.02c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Futurama - S05E06 - Less than hero.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Geoff Crammond's Grand Prix 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\GTA SA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\GTA Vice City.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\HeavyMath Cam 3D Webmaster Ed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Herbie Full Reloaded.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Hidden And Dangerous.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Hitman 3 Contracts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\House of Wax DivX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\ImTOO 3GP Video Converter v2.1.50.714b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Internet Download Accelerator v4.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\IrfanView 3.97.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Joint Operations Typhoon Rising.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Kerio MailServer V6.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Krystal First Time [bleep].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Kylie Minogue - Fever (Album).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Kylie Minogue - Fever.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Lavasoft Ad-Aware SE Professional.v1.06r1 Full Retail.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Lego Island 2 (hhtp).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\LinkLines v1.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Longest Yard (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Lord of the rings 1-2-3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Lords of the Realm III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Meet The Fockers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Microsoft AntiSpyware Beta 1.0.615 Beta.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Miss Congeniality 2 TC XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Mr. And Mrs. Smith XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Need for Speed Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Netscape Browser v8.0.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\NEWS and Noise Ninja 2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Newsleecher v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Paris Hilton Sex Tape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\PowerArchiver 9.25.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Princess Diaries 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Psi-Ops - The Mindgate Conspiracy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Quark Xpress Passport 6.1 + 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Radeon Omega Drivers 2.6.53.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Recover My Files v3.70 (Updated).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Registry Mechanic 5.0.0.132.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Resolume 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Rise of Nations.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Roller Coaster Tycoon 3 Soaked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Sail Simulator 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Savage Battle for Newerth.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Sex 13 min Japanese girl.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Simpsons Hit & Run.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Sin City TS SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\South Park 709 - Christian Hard Rock.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\SpyRemover v2.39.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Spyware Doctor 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Star Wars Episode III Revenge of the Sit.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Star Wars Jedi Knight II.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Stardock Blog Navigator Pro 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Style XP 3.11 Men.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Stylexp 3.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Swat 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\SwitchSync EX 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Tekken 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\The Amityville Horror TS SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\The Interpreter 2005 TC DVDRip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\The Pacifier RERIP TC SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\The Taste Of Tea.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Titan FTP Server Enterprise Edition v4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Tomb Raider 5 Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\ToWeb v1.0.1.425.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Turkish Gambit (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Unreal Tournament 2004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Unreal Tournament.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\vBulletin 3.5 Beta 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Video Converting and Burning Solution.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Win-Spy Software 8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\Worms Armageddon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\X-Com UFO Defence.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\xXx State of the Union TC XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Complete\ZoneLabs ZoneAlarm Pro 6.0.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@e-2dj6wjny-1jczsf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@programs.wegcash[1].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Johnny.MOMS\Cookies\johnny@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\KRP7YUJX\rocks[1].exe.tcf -> Backdoor.Spyboter : Cleaned with backup
C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\S9A7OX23\!update-2124[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\S9A7OX23\!update-2195[1].0000 -> TrojanDownloader.Agent.df : Cleaned with backup
C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\YZIZUT63\pictures[1].pif -> Backdoor.SdBot : Cleaned with backup
C:\Installs.exe.tcf/kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Installs.exe.tcf/kansup.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\kansup.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\ntdetecd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS2047.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\VM.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system\EXPLORER.SCR -> Worm.Benjamin.A : Cleaned with backup
C:\WINDOWS\system\Loader.dll.tcf -> TrojanDownloader.Agent.li : Cleaned with backup
C:\WINDOWS\system32\axuninstall.exe -> Spyware.BlazeFind : Cleaned with backup
C:\WINDOWS\system32\bAs.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\dkowqpkd.exe.tcf -> Backdoor.Spyboter : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\fpmat78.dll -> TrojanDownloader.Rameh.b : Cleaned with backup
C:\WINDOWS\system32\gglib.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End



smitrem Log



smitRem log file
version 2.3

by noahdfear

The current date is: Fri 08/12/2005
The current time is: 20:09:16.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! ;)


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

intell32.exe
oleext.dll
wppp.html


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

uninstIU.exe


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ dllcache\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll ~~~~


~~~~ KB890923\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll ~~~~


~~~~ KB867282\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll ~~~~


~~~~ KB883939\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\ServicePackFiles\i386\wininet.dll ~~~~


~~~~ C:\WINDOWS\ServicePackFiles\i386\wininet.dll Present! ~~~~


~~~~ Checking C:\WINDOWS\ServicePackFiles\i386\wininet.dll for infection ~~~~


~~~~ ServicePackFiles\i386\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from ServicePackFiles\i386 ~~~


HJT coming up......

Edited by darkstar225, 13 August 2005 - 12:33 AM.

#8
darkstar225

ok, this is the WHOLE HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:17:07 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [*basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*eulaole] C:\WINDOWS\java\eulaole.exe
O4 - HKLM\..\Run: [*wmssvc] C:\WINDOWS\Fonts\wmssvc.exe
O4 - HKLM\..\Run: [*baklog] C:\WINDOWS\Config\baklog.exe
O4 - HKLM\..\Run: [*bakdos] C:\WINDOWS\AppPatch\bakdos.exe
O4 - HKLM\..\Run: [*wvss] C:\WINDOWS\Registration\wvss.exe
O4 - HKLM\..\Run: [*accwms] C:\WINDOWS\Drivers\accwms.exe
O4 - HKLM\..\Run: [*xmlinet] C:\WINDOWS\xmlinet.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\java\classes\winmfc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123873019831
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.we...ort/ieatgpc.cab
O18 - Protocol: bw+0 - {DF3E1893-EB12-4063-B50C-9334526DBACA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

#9
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
And We're Back!

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Notes
Almost there!!!

Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*eulaole] C:\WINDOWS\java\eulaole.exe
O4 - HKLM\..\Run: [*wmssvc] C:\WINDOWS\Fonts\wmssvc.exe
O4 - HKLM\..\Run: [*baklog] C:\WINDOWS\Config\baklog.exe
O4 - HKLM\..\Run: [*bakdos] C:\WINDOWS\AppPatch\bakdos.exe
O4 - HKLM\..\Run: [*wvss] C:\WINDOWS\Registration\wvss.exe
O4 - HKLM\..\Run: [*accwms] C:\WINDOWS\Drivers\accwms.exe
O4 - HKLM\..\Run: [*xmlinet] C:\WINDOWS\xmlinet.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\java\classes\winmfc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Please remember to close all other windows, including browsers then click Fix checked.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

NOTE: anything looking like XXXXXX~1.xxx (x being a letter) find the first file that has those first 6 letters, and delete it.

C:\WINDOWS\addins\basdisk.exe
C:\WINDOWS\java\eulaole.exe
C:\WINDOWS\Fonts\wmssvc.exe
C:\WINDOWS\Config\baklog.exe
C:\WINDOWS\AppPatch\bakdos.exe
C:\WINDOWS\Registration\wvss.exe
C:\WINDOWS\Drivers\accwms.exe
C:\WINDOWS\xmlinet.exe
C:\WINDOWS\java\classes\winmfc.exe

go to this folder--> C:\WINDOWS\SYSTEM32\
delete these files:
atasnt40.dll
bszip.dll
cmd.com
dkowqp~1.tcf
instal~1.log
netstat.com
perfst~1.ini
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com


go to this folder--> C:\WINDOWS\
delete these files:
0.log
acc1.txt
getser~1.ini
lpt$vpn.749
oewablog.txt
stream~1.dll
tmadce.ptn
uninstiu.exe
vptnfile.749
window~2.log
ocgen.log
ocmsn.log
rm_res~1.dat
_delis32.ini



Reboot your system in Normal Mode.


Further Scanning
Please run a Scan at the Following site
Panda ActiveScan

Make sure that you choose the "fix" or "clean" option when available.
At the end of this scan you will be given the option to save a log from the scan -SAVE THAT LOG- and post it here.

Please post a fresh HijackThis log & the Log from Panda so that we can check if your system is clean.
  • 0

#10
darkstar225

    Member

  • Topic Starter
  • 119 posts
ok, here's the Panda Scan Log


Incident Status Location

Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Johnny.MOMS\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Johnny.MOMS\Desktop\l2mfix.exe[Process.exe]
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Johnny.MOMS\Local Settings\Temporary Internet Files\Content.IE5\EHNKH0RM\connect[1][Content]
Spyware:Spyware/XXXToolbar No disinfected C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\OHSZGZG7\prompt[1].htm
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\SHGPQNG5\CA3I5C1L.HTM
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\SHGPQNG5\CAC9I3CP.HTM
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\SHGPQNG5\CAWX638D.HTM
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\SHGPQNG5\mtrslib2[1].js
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\none\Local Settings\Temporary Internet Files\Content.IE5\YZIZUT63\CA4TMBS5.HTM
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/WUpd No disinfected C:\update.html
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Downloaded Program Files\VMInstaller.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\inf\biA.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\biA.exe
Hacktool:Hacktool/Processor No disinfected C:\WINDOWS\system32\Process.exe
i hope u can make sense outta that.......

here's the HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 4:21:35 AM, on 8/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123873019831
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.we...ort/ieatgpc.cab
O18 - Protocol: bw+0 - {DF3E1893-EB12-4063-B50C-9334526DBACA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

ok, that's the 2 u asked for........i'll be back here later today to try and finish........thanks tons!!!
  • 0
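Added example, not part of any post in this thread: a small Python check for the step requested above, comparing a fresh HijackThis log against the earlier one and against the helper's fix list. The log excerpts are copied from the logs posted in this thread; the names `parse_hjt` and `verify_fix` are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(log_text):
    """Return the set of entries in a HijackThis log.

    Header lines and the 'Running processes' list have no section code
    and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def verify_fix(before, after, fix_list):
    """Compare two logs and report how the fix list fared."""
    b, a, f = parse_hjt(before), parse_hjt(after), parse_hjt(fix_list)
    return {
        "removed": sorted(b - a),        # gone since the first scan
        "new": sorted(a - b),            # appeared since the first scan
        "still_present": sorted(f & a),  # flagged for fixing but survived
        "never_seen": sorted(f - b),     # fix-list line not in the first log
    }


# Excerpts from the logs posted in this thread (8/12/2005 and 8/13/2005 scans).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*wmssvc] C:\WINDOWS\Fonts\wmssvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
"""

# Entries the helper asked to check in HijackThis (excerpt).
FIX_LIST = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [basdisk] C:\WINDOWS\addins\basdisk.exe
O4 - HKLM\..\Run: [*wmssvc] C:\WINDOWS\Fonts\wmssvc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_LIST)
    for key, entries in report.items():
        print(f"{key}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.text}")
```

An empty `still_present` list means every checked entry was removed; anything under `new` deserves a look before the log is called clean (here it is the ActiveScan control installed by the requested scan).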

#11
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! and install it. DO NOT RUN IT YET

Download Killbox
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot). Click Yes at the 'Pending Operations' prompt if you see it:

C:\WINDOWS\Downloaded Program Files\VMInstaller.exe
C:\WINDOWS\inf\biA.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\system32\biA.exe

* If you receive a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


Do not reboot yet

Run CleanUp! Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Now Reboot/logoff when prompted.

...After the reboot...

Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\system32\windialup\3083[1]\windialup.exe (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

Now Delete this folder: C:\WINDOWS\system32\windialup\


and now..........

Congratulations Your Log is Clean!!:grin:


System Restore

Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.

Reboot your System.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.


Preventative Measures

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place?.

Also Consider...
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:

How is she running now? Any further problems? If not, Good work, and Happy Computing!

Please reply once more so we know you have read these measures - at which point I will let you know about P2P software...

Edited by skate_punk_21, 13 August 2005 - 10:56 AM.

  • 0

#12
darkstar225

    Member

  • Topic Starter
  • 119 posts
ok, i've done everything.......and this is the last HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 2:06:40 PM, on 8/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123873019831
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://geeksquad.we...ort/ieatgpc.cab
O18 - Protocol: bw+0 - {DF3E1893-EB12-4063-B50C-9334526DBACA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


ok.....now that this is done.....(hopefully)....can i get rid of Kill Box, smitrem, ewido security and all the other stuff u had me get, and the logs??

Edited by darkstar225, 13 August 2005 - 04:22 PM.

  • 0

#13
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
You can now remove all those previous programs...
but DO follow the instructions in my last post!!

Regarding the questions you had about Peer 2 Peer filesharing:

When you are downloading a file from an unknown source, the program itself doesn't even have to be malware based (as many filesharing systems are, i.e. Kazaa); people can easily infect files they are sharing or bundle up these "baddies" in that zipfile you just downloaded!

G2G does NOT condone P2P filesharing of any sort nor will we deal with any troubles you may have installing/running these programs.

Sorry to rain on your parade, but it's your call,
Skate_Punk_21

If you still think these programs are necessary, here is more info on filesharing apps: what is clean and what has malware in it
http://www.spywarein...m/articles/p2p/

Edited by skate_punk_21, 13 August 2005 - 04:27 PM.

  • 0

#14
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Problem Resolved, Thread Closed...
  • 0

#15
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





